v0.0.15: unalias, admin alias removal, /reply, web version fix

Aliases:
- /unalias — remove your own alias
- /admin-unalias <alias> <password> — admin removes any alias
- Admin password via WARZONE_ADMIN_PASSWORD env var (default: "admin")
- POST /v1/alias/unregister + POST /v1/alias/admin-remove

Reply:
- /r or /reply — switches peer to whoever last DM'd you
- lastDmPeer tracked on both web and TUI
- Then type normally to reply

Web:
- Version bumped to 0.0.15 (was stuck at 0.0.10)
- WASM rebuilt with latest protocol

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

warzone/crates/warzone-server/src/routes/web.rs

@@ -236,7 +236,7 @@ let pollTimer = null;
 let ws = null;  // WebSocket connection
 let wasmReady = false;
 
-const VERSION = '0.0.10';
+const VERSION = '0.0.15';
 let DEBUG = true;  // toggle with /debug command
 
 // ── Receipt tracking ──
@@ -505,6 +505,7 @@ async function handleIncomingMessage(bytes) {
     addMsg(fromLabel, result.text, false);
     // Send delivery receipt
     if (result.message_id) sendReceipt(result.sender, result.message_id, 'delivered');
+    lastDmPeer = normFP(result.sender);
     return;
   } catch(e) {
     dbg('KeyExchange/Receipt parse failed:', e.message || e);
@@ -539,6 +540,7 @@ async function handleIncomingMessage(bytes) {
       addMsg(fromLabel, result.text, false);
       // Send delivery receipt
       if (result.message_id) sendReceipt(result.sender, result.message_id, 'delivered');
+      lastDmPeer = normFP(result.sender);
       return;
     } catch(e2) {
       dbg('Session', senderFP, 'failed:', e2.message || e2);
@@ -633,6 +635,7 @@ async function doRecover() {
 }
 
 let currentGroup = null;  // if set, messages go to group
+let lastDmPeer = null;    // for /r reply
 
 async function enterChat() {
   document.getElementById('setup').classList.remove('active');
@@ -809,7 +812,39 @@ async function doSend() {
     });
     const data = await resp.json();
     if (data.error) { addSys('Error: ' + data.error); }
-    else { addSys('Alias @' + data.alias + ' registered'); }
+    else { addSys('Alias @' + data.alias + ' registered. Recovery key: ' + (data.recovery_key || 'N/A')); }
+    return;
+  }
+  if (text === '/unalias') {
+    const resp = await fetch(SERVER + '/v1/alias/unregister', {
+      method: 'POST', headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ fingerprint: normFP(myFingerprint) })
+    });
+    const data = await resp.json();
+    if (data.error) addSys('Error: ' + data.error);
+    else addSys('Alias removed');
+    return;
+  }
+  if (text.startsWith('/admin-unalias ')) {
+    const parts = text.slice(15).trim().split(' ');
+    if (parts.length < 2) { addSys('Usage: /admin-unalias <alias> <admin-password>'); return; }
+    const resp = await fetch(SERVER + '/v1/alias/admin-remove', {
+      method: 'POST', headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ alias: parts[0], admin_password: parts.slice(1).join(' ') })
+    });
+    const data = await resp.json();
+    if (data.error) addSys('Error: ' + data.error);
+    else addSys('Alias @' + parts[0] + ' removed by admin');
+    return;
+  }
+  if (text.startsWith('/r ') || text.startsWith('/reply ')) {
+    const replyText = text.startsWith('/r ') ? text.slice(3) : text.slice(7);
+    if (!lastDmPeer) { addSys('No one to reply to'); return; }
+    $peerInput.value = lastDmPeer;
+    try {
+      await sendEncrypted(lastDmPeer, replyText.trim());
+      addMsg(myFingerprint.slice(0, 19), replyText.trim(), true);
+    } catch(e) { addSys('Reply failed: ' + e.message); }
     return;
   }
   if (text.startsWith('/gcreate ')) { await groupCreate(text.slice(9).trim()); return; }