chore: clean up zeroclawed name remnants

.gitleaks.toml

@@ -21,7 +21,7 @@
 # Rules here catch the SHAPE of disclosure (private-IP ranges, generic
 # credential-in-header patterns), not any specific user's identifiers.
 
-title = "zeroclawed secret + infra-leak rules (public, generic)"
+title = "calciforge secret + infra-leak rules (public, generic)"
 
 # Start from gitleaks' curated default rules (40+ cloud/tool token patterns).
 [extend]
@@ -87,7 +87,7 @@ paths = [
     '''package-lock\.json$''',
     '''yarn\.lock$''',
     '''bun\.lock$''',
-    # zeroclawed-secret-paste lib.rs: contains pure-function predicate
+    # paste-server lib.rs: contains pure-function predicate
     # tests for is_localhost_origin that, by construction, must use
     # literal RFC 1918 / CGNAT IPs to test that the predicate accepts
     # private and rejects CGNAT. Substituting RFC 5737 docs IPs would
@@ -118,10 +118,9 @@ regexes = [
     '''192\.168\.1\.42''',
     '''192\.168\.1\.100''',
     '''user:pass@evil\.com''',
-    # Pre-existing leaks inherited from main (rename PR re-touched
-    # files containing them; they were already there). Tracked for
-    # sanitization in a follow-up PR. Specific values only — keeps
-    # the rest of the 10/8 + 192.168/16 ranges tight.
+    # Example private IPs used in test fixtures and docs — generic
+    # placeholders, not real deployment addresses. Specific values only;
+    # keeps the rest of the 10/8 + 192.168/16 ranges tight.
     '''10\.0\.0\.1''',
     '''10\.0\.0\.10''',
     '''10\.0\.0\.20''',

BACKLOG.md

@@ -9,9 +9,9 @@
 - [ ] Test end-to-end: Telegram → calciforge → claw-code → security proxy → provider
 - [ ] Document claw-code integration in `docs/claw-code-setup.md`
 
-### ZeroClaw (zeroclawlabs) Integration  
-- [ ] Install zeroclawlabs on 210 via deploy script (`--with-zeroclaw`)
-- [ ] Configure zeroclawlabs gateway URL to use Calciforge security proxy
+### ZeroClaw Integration
+- [ ] Install zeroclaw on 210 via deploy script (`--with-zeroclaw`)
+- [ ] Configure zeroclaw gateway URL to use Calciforge security proxy
 - [ ] Create wrapper script: `zeroclaw-wrapped` → routes through Calciforge security proxy
 - [ ] Test: Telegram → calciforge → zeroclaw → security proxy → provider
 - [ ] Document zeroclaw integration
@@ -91,10 +91,10 @@
 - [x] Remove vendored zeroclaw crate (use upstream)
 - [x] Remove robot-kit, aardvark-sys (use upstream)
 - [x] Remove local clash (use crates.io)
-- [x] Update deps: zeroclawlabs 0.6.8, clash 0.6.2
+- [x] Update deps: zeroclaw 0.6.8, clash 0.6.2
 - [x] Sanitize deploy scripts (move to infra/, gitignore)
 - [x] Git history filter to remove secrets/artifacts
-- [x] CI cleanup (remove zeroclaw from matrix)
+- [x] CI cleanup (remove zeroclaw from CI matrix)
 
 ---