chore: rename project quicnprotochat -> quicproquo (binaries: qpq)

Rename the entire workspace:
- Crate packages: quicnprotochat-{core,proto,server,client,gui,p2p,mobile} -> quicproquo-*
- Binary names: quicnprotochat -> qpq, quicnprotochat-server -> qpq-server,
  quicnprotochat-gui -> qpq-gui
- Default files: *-state.bin -> qpq-state.bin, *-server.toml -> qpq-server.toml,
  *.db -> qpq.db
- Environment variable prefix: QUICNPROTOCHAT_* -> QPQ_*
- App identifier: chat.quicnproto.gui -> chat.quicproquo.gui
- Proto package: quicnprotochat.bench -> quicproquo.bench
- All documentation, Docker, CI, and script references updated

HKDF domain-separation strings and P2P ALPN remain unchanged for
backward compatibility with existing encrypted state and wire protocol.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

master-prompt.md

@@ -1,8 +1,8 @@
-# quicnprotochat — Master Project Prompt
+# quicproquo — Master Project Prompt
 
 ## Project Identity
 
-You are building **quicnprotochat**, a production-grade end-to-end encrypted group messenger in Rust. It uses the MLS protocol (RFC 9420) for group key agreement, ML-KEM-768 (NIST FIPS 203) hybrid post-quantum key exchange, the Noise Protocol Framework (Noise_XX pattern) over raw TCP as the transport layer, and Cap'n Proto for wire serialisation and RPC. There is no TLS, no HTTP, no WebSocket, no MessagePack.
+You are building **quicproquo**, a production-grade end-to-end encrypted group messenger in Rust. It uses the MLS protocol (RFC 9420) for group key agreement, ML-KEM-768 (NIST FIPS 203) hybrid post-quantum key exchange, the Noise Protocol Framework (Noise_XX pattern) over raw TCP as the transport layer, and Cap'n Proto for wire serialisation and RPC. There is no TLS, no HTTP, no WebSocket, no MessagePack.
 
 This is not a prototype. Every milestone produces production-ready, tested, deployable code.
 
@@ -35,13 +35,13 @@ This is not a prototype. Every milestone produces production-ready, tested, depl
 ### Workspace Layout
 
 ```
-quicnprotochat/
+quicproquo/
 ├── Cargo.toml                  # workspace root
 ├── crates/
-│   ├── quicnprotochat-core/           # crypto primitives, MLS wrapper, Noise framing codec
-│   ├── quicnprotochat-proto/          # Cap'n Proto schemas + generated types, no crypto, no I/O
-│   ├── quicnprotochat-server/         # Delivery Service (DS) + Authentication Service (AS)
-│   └── quicnprotochat-client/         # CLI client
+│   ├── quicproquo-core/           # crypto primitives, MLS wrapper, Noise framing codec
+│   ├── quicproquo-proto/          # Cap'n Proto schemas + generated types, no crypto, no I/O
+│   ├── quicproquo-server/         # Delivery Service (DS) + Authentication Service (AS)
+│   └── quicproquo-client/         # CLI client
 ├── schemas/                    # .capnp schema files (canonical source of truth)
 │   ├── envelope.capnp
 │   ├── auth.capnp
@@ -55,31 +55,31 @@ quicnprotochat/
 
 ### Crate Responsibilities
 
-**quicnprotochat-core**
+**quicproquo-core**
 - Noise_XX handshake initiator and responder (via `snow`)
 - Length-prefixed Cap'n Proto frame codec (Tokio `Encoder`/`Decoder` traits)
 - MLS group state machine wrapper around `openmls`
 - Hybrid PQ ciphersuite (X25519 + ML-KEM-768)
 - Key generation and zeroize-on-drop key types
 
-**quicnprotochat-proto**
+**quicproquo-proto**
 - Cap'n Proto `.capnp` schemas in `schemas/` (workspace root, shared)
 - `build.rs` invokes `capnpc` to generate Rust types into `src/generated/`
 - Re-exports generated types with ergonomic builder/reader helpers
 - Canonical serialisation helpers for signing (uses `capnp::message::Builder::canonicalize()`)
 - No crypto, no I/O, no async
 
-**quicnprotochat-server**
+**quicproquo-server**
 - Authentication Service: KeyPackage store (DashMap → SQLite at M6)
 - Delivery Service: Cap'n Proto RPC interface, fan-out router, per-group append-only message log
 - Tokio TCP listener, Noise handshake per connection, then Cap'n Proto RPC over the encrypted channel
 - Structured logging (tracing)
 
-**quicnprotochat-client**
+**quicproquo-client**
 - Tokio TCP connection to server
 - Noise handshake, then Cap'n Proto RPC client stub
 - CLI interface (clap)
-- Drives quicnprotochat-core for all crypto operations
+- Drives quicproquo-core for all crypto operations
 - Displays received messages to stdout
 
 ### Transport Stack
@@ -174,11 +174,11 @@ Hybrid KEM construction:
 ```
 SharedSecret = HKDF-SHA256(
   ikm  = X25519_ss || ML-KEM-768_ss,
-  info = "quicnprotochat-hybrid-v1",
+  info = "quicproquo-hybrid-v1",
   len  = 32
 )
 ```
-Follows the combiner approach from draft-ietf-tls-hybrid-design. Implemented as a custom `openmls` `OpenMlsCryptoProvider` trait implementation in `quicnprotochat-core`.
+Follows the combiner approach from draft-ietf-tls-hybrid-design. Implemented as a custom `openmls` `OpenMlsCryptoProvider` trait implementation in `quicproquo-core`.
 
 ---
 
@@ -189,10 +189,10 @@ Follows the combiner approach from draft-ietf-tls-hybrid-design. Implemented as
 
 Deliverables:
 - `schemas/envelope.capnp`: `Envelope` + `MsgType` (Ping/Pong only needed at this stage)
-- `quicnprotochat-proto`: `build.rs` with `capnpc`, generated type re-exports, canonical helper
-- `quicnprotochat-core`: static X25519 keypair generation, Noise_XX initiator + responder, length-prefixed Cap'n Proto frame codec
-- `quicnprotochat-server`: TCP listener, Noise handshake, Ping→Pong handler, one tokio task per connection
-- `quicnprotochat-client`: connects, Noise handshake, sends Ping, receives Pong, exits 0
+- `quicproquo-proto`: `build.rs` with `capnpc`, generated type re-exports, canonical helper
+- `quicproquo-core`: static X25519 keypair generation, Noise_XX initiator + responder, length-prefixed Cap'n Proto frame codec
+- `quicproquo-server`: TCP listener, Noise handshake, Ping→Pong handler, one tokio task per connection
+- `quicproquo-client`: connects, Noise handshake, sends Ping, receives Pong, exits 0
 - Integration test: server and client in same test binary using `tokio::spawn`
 - `docker-compose.yml` running the server
 
@@ -201,10 +201,10 @@ Deliverables:
 
 Deliverables:
 - `schemas/auth.capnp`: `AuthenticationService` interface
-- `quicnprotochat-proto`: generated RPC stubs + client/server bootstrap helpers
-- `quicnprotochat-core`: MLS KeyPackage generation (openmls)
-- `quicnprotochat-server`: AS RPC server implementation with DashMap store
-- `quicnprotochat-client`: `register` and `fetch-key` CLI subcommands
+- `quicproquo-proto`: generated RPC stubs + client/server bootstrap helpers
+- `quicproquo-core`: MLS KeyPackage generation (openmls)
+- `quicproquo-server`: AS RPC server implementation with DashMap store
+- `quicproquo-client`: `register` and `fetch-key` CLI subcommands
 - Test: Alice uploads KeyPackage, Bob fetches it, fingerprints match
 
 ### M3 — MLS Group Create + Welcome
@@ -212,25 +212,25 @@ Deliverables:
 
 Deliverables:
 - `schemas/delivery.capnp`: `DeliveryService` + `MessageStream` interfaces
-- `quicnprotochat-core`: group create, add member, process Welcome
-- `quicnprotochat-server`: DS RPC server, Welcome routing by identity
-- `quicnprotochat-client`: `create-group` and `join` CLI subcommands
+- `quicproquo-core`: group create, add member, process Welcome
+- `quicproquo-server`: DS RPC server, Welcome routing by identity
+- `quicproquo-client`: `create-group` and `join` CLI subcommands
 - Test: two clients reach identical epoch 1 group state, verified by comparing group context hashes
 
 ### M4 — Encrypted Group Messaging
 **Goal:** Alice and Bob exchange MLS Application messages through the DS.
 
 Deliverables:
-- `quicnprotochat-core`: send/receive application message, epoch rotation on Commit
-- `quicnprotochat-server`: DS fan-out via `MessageStream` capability stream, per-group ordered log (in-memory)
-- `quicnprotochat-client`: `send` subcommand, live receive loop via `MessageStream.next()`
+- `quicproquo-core`: send/receive application message, epoch rotation on Commit
+- `quicproquo-server`: DS fan-out via `MessageStream` capability stream, per-group ordered log (in-memory)
+- `quicproquo-client`: `send` subcommand, live receive loop via `MessageStream.next()`
 - Test: round-trip message integrity, forward secrecy verified by confirming distinct key material across epochs
 
 ### M5 — Hybrid PQ Ciphersuite
 **Goal:** Replace MLS crypto backend with X25519 + ML-KEM-768 hybrid.
 
 Deliverables:
-- `quicnprotochat-core`: custom `OpenMlsCryptoProvider` with hybrid KEM
+- `quicproquo-core`: custom `OpenMlsCryptoProvider` with hybrid KEM
 - All M3/M4 tests pass unchanged with new ciphersuite
 - Criterion benchmarks: key generation, encap/decap, group-add latency (10/100/1000 members)
 
@@ -238,7 +238,7 @@ Deliverables:
 **Goal:** Server survives restart. Full containerised deployment.
 
 Deliverables:
-- `quicnprotochat-server`: SQLite via `sqlx` for AS key store and DS message log, `migrations/` directory
+- `quicproquo-server`: SQLite via `sqlx` for AS key store and DS message log, `migrations/` directory
 - `docker/Dockerfile`: multi-stage build (rust:bookworm builder → debian:bookworm-slim runtime)
 - `docker-compose.yml`: server + SQLite volume, healthcheck
 - Client reconnect with session resume (re-handshake + rejoin group epoch from DS log)
@@ -266,7 +266,7 @@ capnp               = "0.19"
 capnp-rpc           = "0.19"
 
 # Build-time only
-capnpc              = "0.19"   # build-dependency in quicnprotochat-proto
+capnpc              = "0.19"   # build-dependency in quicproquo-proto
 
 # Async / networking
 tokio               = { version = "1", features = ["full"] }
@@ -310,7 +310,7 @@ The MLS content layer is PQ-protected from M5. The Noise transport (X25519) rema
 
 ## How to Use This Prompt
 
-Paste this document at the start of any session working on quicnprotochat. Then state which milestone you are working on and what specific task you need. The assistant will:
+Paste this document at the start of any session working on quicproquo. Then state which milestone you are working on and what specific task you need. The assistant will:
 
 1. Confirm the current milestone and task.
 2. State any design decisions being made (ADR format if significant).
@@ -325,5 +325,5 @@ When asking for code, always specify:
 
 ---
 
-*quicnprotochat — MLS + Post-Quantum + Noise/TCP + Cap'n Proto messenger in Rust*
+*quicproquo — MLS + Post-Quantum + Noise/TCP + Cap'n Proto messenger in Rust*
 *Architecture version: 1.1 | Last updated: 2026-02-19*