v0.0.31: per-bot unique user IDs, remove raw fingerprint from bot API

Privacy: from.id is now Hash(bot_token + user_fp) → different bots see
different numeric IDs for the same user. Prevents cross-bot user correlation.

Removed id_str (raw hex fingerprint) from all bot API responses.
Updated LLM_BOT_DEV.md and LLM_HELP.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

warzone/crates/warzone-server/src/routes/resolve.rs

@@ -7,7 +7,22 @@ use axum::{
 use crate::errors::AppResult;
 use crate::state::AppState;
 
-/// Convert a fingerprint hex string to a stable i64 ID (for Telegram compatibility).
+/// Convert a fingerprint to a per-bot unique numeric ID.
+/// Hash(bot_token + user_fp) → i64. Different bots see different IDs for the same user.
+/// This prevents cross-bot user correlation (same privacy model as Telegram).
+pub fn fp_to_numeric_id_for_bot(fp: &str, bot_token: &str) -> i64 {
+    use sha2::{Sha256, Digest};
+    let mut hasher = Sha256::new();
+    hasher.update(bot_token.as_bytes());
+    hasher.update(b":");
+    hasher.update(fp.as_bytes());
+    let hash = hasher.finalize();
+    let mut arr = [0u8; 8];
+    arr.copy_from_slice(&hash[..8]);
+    (i64::from_be_bytes(arr) & 0x7FFFFFFFFFFFFFFF) // ensure positive
+}
+
+/// Convert a fingerprint hex string to a stable i64 ID (non-bot contexts).
 /// Uses first 8 bytes of the fingerprint as a positive i64.
 pub fn fp_to_numeric_id(fp: &str) -> i64 {
     let clean: String = fp.chars().filter(|c| c.is_ascii_hexdigit()).take(16).collect();