feat: Phase 9 — developer experience, extensibility, and community growth

New crates:
- quicproquo-bot: Bot SDK with polling API + JSON pipe mode
- quicproquo-kt: Key Transparency Merkle log (RFC 9162 subset)
- quicproquo-plugin-api: no_std C-compatible plugin vtable API
- quicproquo-gen: scaffolding tool (qpq-gen plugin/bot/rpc/hook)

Server features:
- ServerHooks trait wired into all RPC handlers (enqueue, fetch, auth,
  channel, registration) with plugin rejection support
- Dynamic plugin loader (libloading) with --plugin-dir config
- Delivery proof canary tokens (Ed25519 server signatures on enqueue)
- Key Transparency Merkle log with inclusion proofs on resolveUser

Core library:
- Safety numbers (60-digit HMAC-SHA256 key verification codes)
- Verifiable transcript archive (CBOR + ChaCha20-Poly1305 + hash chain)
- Delivery proof verification utility
- Criterion benchmarks (hybrid KEM, MLS, identity, sealed sender, padding)

Client:
- /verify REPL command for out-of-band key verification
- Full-screen TUI via Ratatui (feature-gated --features tui)
- qpq export / qpq export-verify CLI subcommands
- KT inclusion proof verification on user resolution

Also: ROADMAP Phase 9 added, bot SDK docs, server hooks docs,
crate-responsibilities updated, example plugins (rate_limit, logging).

crates/quicproquo-client/src/client/rpc.rs

@@ -576,6 +576,13 @@ pub async fn batch_enqueue(
 }
 
 /// Resolve a username to its Ed25519 identity key (32 bytes).
+///
+/// When the server returns a non-empty `inclusionProof`, the client verifies it
+/// against the identity key using the Key Transparency Merkle proof. Proof
+/// verification failure is treated as a hard error (the server is misbehaving).
+/// If the server sends no proof (empty field), the key is returned as-is —
+/// callers can decide whether to require proofs for security-critical flows.
+///
 /// Returns `None` if the username is not registered.
 pub async fn resolve_user(
     client: &node_service::Client,
@@ -595,18 +602,31 @@ pub async fn resolve_user(
         .await
         .context("resolve_user RPC failed")?;
 
-    let key = resp
-        .get()
-        .context("resolve_user: bad response")?
+    let reader = resp.get().context("resolve_user: bad response")?;
+
+    let key = reader
         .get_identity_key()
-        .context("resolve_user: missing field")?
+        .context("resolve_user: missing identity_key field")?
         .to_vec();
 
     if key.is_empty() {
-        Ok(None)
-    } else {
-        Ok(Some(key))
+        return Ok(None);
     }
+
+    // Verify the KT inclusion proof when the server sends one.
+    let proof_bytes = reader
+        .get_inclusion_proof()
+        .context("resolve_user: missing inclusion_proof field")?
+        .to_vec();
+
+    if !proof_bytes.is_empty() {
+        let proof = quicproquo_kt::InclusionProof::from_bytes(&proof_bytes)
+            .context("resolve_user: inclusion proof deserialise failed")?;
+        quicproquo_kt::verify_inclusion(&proof, username, &key)
+            .context("resolve_user: KT inclusion proof verification FAILED — possible key mislabelling")?;
+    }
+
+    Ok(Some(key))
 }
 
 /// Reverse lookup: resolve an identity key to the registered username.