Scaffold Rust workspace: warzone-protocol, server, client, mule

4 crates, all compile. 16/17 tests pass.

warzone-protocol (core crypto):
- Seed-based identity (Ed25519 + X25519 from 32-byte seed via HKDF)
- BIP39 mnemonic encode/decode (24 words)
- Fingerprint type (SHA-256 truncated, displayed as xxxx:xxxx:xxxx:xxxx)
- ChaCha20-Poly1305 AEAD encrypt/decrypt with random nonce
- HKDF-SHA256 key derivation
- Pre-key bundle generation with Ed25519 signatures
- X3DH key exchange (simplified, needs X25519 identity key in bundle)
- Double Ratchet: full implementation with DH ratchet, chain ratchet,
  out-of-order message handling via skipped keys cache
- Message format (WarzoneMessage envelope + RatchetHeader)
- Session type with ratchet state
- Storage trait definitions (PreKeyStore, SessionStore, MessageQueue)

warzone-server (axum):
- sled database (keys, messages, one-time pre-keys)
- Routes: /v1/health, /v1/keys/register, /v1/keys/{fp},
  /v1/messages/send, /v1/messages/poll/{fp}, /v1/messages/{id}/ack

warzone-client (CLI):
- `warzone init` — generate seed, show mnemonic, save to ~/.warzone/
- `warzone recover <words>` — restore from mnemonic
- `warzone info` — show fingerprint and keys
- Seed storage at ~/.warzone/identity.seed (600 perms)
- Stubs for send, recv, chat commands

warzone-mule: Phase 4 placeholder

Known issue: X3DH test fails (initiate/respond use different DH ops
due to missing X25519 identity key in bundle). Fix in next step.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

warzone/crates/warzone-client/src/cli/info.rs

@@ -0,0 +1,16 @@
+use crate::keystore;
+
+pub fn run() -> anyhow::Result<()> {
+    let seed = keystore::load_seed()?;
+    let identity = seed.derive_identity();
+    let pub_id = identity.public_identity();
+
+    println!("Fingerprint: {}", pub_id.fingerprint);
+    println!("Signing key: {}", hex::encode(pub_id.signing.as_bytes()));
+    println!(
+        "Encryption key: {}",
+        hex::encode(pub_id.encryption.as_bytes())
+    );
+
+    Ok(())
+}

warzone/crates/warzone-client/src/cli/init.rs

@@ -0,0 +1,27 @@
+use warzone_protocol::identity::Seed;
+
+use crate::keystore;
+
+pub fn run() -> anyhow::Result<()> {
+    let seed = Seed::generate();
+    let identity = seed.derive_identity();
+    let pub_id = identity.public_identity();
+    let mnemonic = seed.to_mnemonic();
+
+    println!("Identity generated!\n");
+    println!("Fingerprint: {}", pub_id.fingerprint);
+    println!("\nRecovery mnemonic (WRITE THIS DOWN):\n");
+    for (i, word) in mnemonic.split_whitespace().enumerate() {
+        print!("{:>2}. {:<12}", i + 1, word);
+        if (i + 1) % 4 == 0 {
+            println!();
+        }
+    }
+    println!();
+
+    // Save encrypted seed
+    keystore::save_seed(&seed)?;
+    println!("Seed saved to ~/.warzone/identity.seed");
+
+    Ok(())
+}

warzone/crates/warzone-client/src/cli/mod.rs

@@ -0,0 +1,3 @@
+pub mod info;
+pub mod init;
+pub mod recover;

warzone/crates/warzone-client/src/cli/recover.rs

@@ -0,0 +1,17 @@
+use warzone_protocol::identity::Seed;
+
+use crate::keystore;
+
+pub fn run(mnemonic: &str) -> anyhow::Result<()> {
+    let seed = Seed::from_mnemonic(mnemonic)?;
+    let identity = seed.derive_identity();
+    let pub_id = identity.public_identity();
+
+    println!("Identity recovered!");
+    println!("Fingerprint: {}", pub_id.fingerprint);
+
+    keystore::save_seed(&seed)?;
+    println!("Seed saved to ~/.warzone/identity.seed");
+
+    Ok(())
+}