Merge origin/main into copilot/remove-built-in-messenger-support

Co-authored-by: rexlunae <6726134+rexlunae@users.noreply.github.com>

Author: Copilot

crates/rustyclaw-cli/src/bin/rustyclaw-gateway.rs

@@ -54,6 +54,36 @@ enum GatewayCommands {
         #[arg(long)]
         json: bool,
     },
+    /// Manage SSH pairing and authorized clients
+    #[command(subcommand)]
+    Pair(PairCommands),
+}
+
+#[derive(Debug, Subcommand)]
+enum PairCommands {
+    /// List authorized clients
+    List,
+    /// Add a new authorized client
+    Add {
+        /// Public key in OpenSSH format (ssh-ed25519 AAAA...)
+        #[arg(value_name = "PUBLIC_KEY")]
+        key: String,
+        /// Optional name/comment for the client
+        #[arg(long, short)]
+        name: Option<String>,
+    },
+    /// Remove an authorized client by fingerprint
+    Remove {
+        /// Key fingerprint (SHA256:...)
+        #[arg(value_name = "FINGERPRINT")]
+        fingerprint: String,
+    },
+    /// Show pairing QR code for this gateway
+    Qr {
+        /// Gateway host:port (required for QR generation)
+        #[arg(long, value_name = "HOST:PORT")]
+        host: String,
+    },
 }
 
 #[derive(Debug, clap::Args)]
@@ -149,6 +179,9 @@ async fn main() -> Result<()> {
             }
             return Ok(());
         }
+        Some(GatewayCommands::Pair(pair_cmd)) => {
+            return handle_pair_command(pair_cmd).await;
+        }
         None => RunArgs::default(),
     };
 
@@ -386,7 +419,7 @@ async fn main() -> Result<()> {
 ///
 /// This mode is used when the gateway is invoked via OpenSSH's subsystem
 /// mechanism. Instead of listening on TCP, we read/write frames on stdin/stdout.
-async fn run_ssh_stdio_mode(config: Config, args: RunArgs) -> Result<()> {
+async fn run_ssh_stdio_mode(config: Config, _args: RunArgs) -> Result<()> {
     use rustyclaw_core::gateway::{StdioTransport, Transport};
 
     // Get username from SSH environment
@@ -424,7 +457,7 @@ async fn run_ssh_stdio_mode(config: Config, args: RunArgs) -> Result<()> {
         std::sync::Arc::new(tokio::sync::Mutex::new(vault));
 
     // ── Resolve model context ────────────────────────────────────────────
-    let model_ctx = {
+    let _model_ctx = {
         let env_key = std::env::var("RUSTYCLAW_MODEL_API_KEY").ok();
 
         if let Some(ref key) = env_key {
@@ -447,7 +480,7 @@ async fn run_ssh_stdio_mode(config: Config, args: RunArgs) -> Result<()> {
     if let Some(url) = config.clawhub_url.as_deref() {
         sm.set_registry(url, config.clawhub_token.clone());
     }
-    let shared_skills: rustyclaw_core::gateway::SharedSkillManager =
+    let _shared_skills: rustyclaw_core::gateway::SharedSkillManager =
         std::sync::Arc::new(tokio::sync::Mutex::new(sm));
 
     // Set up cancellation
@@ -466,3 +499,123 @@ async fn run_ssh_stdio_mode(config: Config, args: RunArgs) -> Result<()> {
     transport.close().await?;
     Ok(())
 }
+
+/// Handle pairing subcommands.
+async fn handle_pair_command(cmd: PairCommands) -> Result<()> {
+    use rustyclaw_core::pairing::{
+        default_authorized_clients_path,
+        load_authorized_clients,
+        add_authorized_client,
+        remove_authorized_client,
+    };
+    
+    let auth_path = default_authorized_clients_path();
+    
+    match cmd {
+        PairCommands::List => {
+            let clients = load_authorized_clients(&auth_path)?;
+            
+            if clients.clients.is_empty() {
+                println!("{}", t::muted("No authorized clients"));
+                println!();
+                println!("Add a client with:");
+                println!("  {} pair add <PUBLIC_KEY> --name <NAME>", t::info("rustyclaw-gateway"));
+                return Ok(());
+            }
+            
+            println!("{}", t::heading("Authorized Clients"));
+            println!();
+            
+            for (i, client) in clients.clients.iter().enumerate() {
+                let name = client.comment.as_deref().unwrap_or("(unnamed)");
+                println!(
+                    "{}. {} {}",
+                    i + 1,
+                    t::info(name),
+                    t::muted(&format!("({})", &client.fingerprint))
+                );
+            }
+            
+            println!();
+            println!(
+                "{} {}",
+                t::muted("File:"),
+                auth_path.display()
+            );
+        }
+        
+        PairCommands::Add { key, name } => {
+            match add_authorized_client(&auth_path, &key, name.as_deref()) {
+                Ok(client) => {
+                    println!(
+                        "{} Added client: {}",
+                        t::icon_ok(""),
+                        t::info(client.comment.as_deref().unwrap_or("(unnamed)"))
+                    );
+                    println!(
+                        "  {} {}",
+                        t::muted("Fingerprint:"),
+                        client.fingerprint
+                    );
+                }
+                Err(e) => {
+                    eprintln!("{} Failed to add client: {}", t::icon_fail(""), e);
+                    std::process::exit(1);
+                }
+            }
+        }
+        
+        PairCommands::Remove { fingerprint } => {
+            match remove_authorized_client(&auth_path, &fingerprint) {
+                Ok(true) => {
+                    println!(
+                        "{} Removed client with fingerprint: {}",
+                        t::icon_ok(""),
+                        fingerprint
+                    );
+                }
+                Ok(false) => {
+                    eprintln!(
+                        "{} No client found with fingerprint: {}",
+                        t::icon_fail(""),
+                        fingerprint
+                    );
+                    std::process::exit(1);
+                }
+                Err(e) => {
+                    eprintln!("{} Failed to remove client: {}", t::icon_fail(""), e);
+                    std::process::exit(1);
+                }
+            }
+        }
+        
+        PairCommands::Qr { host } => {
+            use rustyclaw_core::pairing::{PairingData, generate_pairing_qr_ascii};
+            
+            // Generate gateway pairing data
+            // For now, we use a placeholder key - in production, this would be the host key's public part
+            let data = PairingData::gateway(
+                "ssh-ed25519 (host key would go here)",
+                &host,
+                Some("RustyClaw Gateway".to_string()),
+            );
+            
+            match generate_pairing_qr_ascii(&data) {
+                Ok(qr) => {
+                    println!("{}", t::heading("Gateway Pairing QR Code"));
+                    println!();
+                    println!("{}", qr);
+                    println!();
+                    println!("Scan this QR code with a RustyClaw client to pair.");
+                    println!("Gateway address: {}", t::info(&host));
+                }
+                Err(e) => {
+                    eprintln!("{} Failed to generate QR code: {}", t::icon_fail(""), e);
+                    std::process::exit(1);
+                }
+            }
+        }
+    }
+    
+    Ok(())
+}

crates/rustyclaw-cli/src/commands/mod.rs

@@ -6,6 +6,6 @@ pub mod gateway;
 
 // Re-export handlers for use in main.rs
 pub use gateway::{
-    handle_reload_result, handle_restart, handle_run, handle_start, handle_status, handle_stop,
+    handle_restart, handle_run, handle_start, handle_status, handle_stop,
     parse_gateway_defaults,
 };

crates/rustyclaw-core/Cargo.toml

@@ -23,6 +23,7 @@ mcp = ["dep:rmcp", "dep:schemars"]
 matrix = ["chat-system/matrix"]
 whatsapp = ["chat-system/whatsapp"]
 ssh = ["dep:russh", "dep:russh-keys", "dep:rand_core", "dep:sha2"]
+qr = ["dep:image"]
 # CLI-based messengers (tier 1) - no heavy deps, just HTTP
 # These implementations remain in RustyClaw until PRs are merged into chat-system.
 signal-cli = ["chat-system/signal-cli"]
@@ -104,6 +105,9 @@ russh-keys = { version = "0.44", optional = true }
 rand_core = { version = "0.6", optional = true }
 sha2 = { version = "0.10", optional = true }
 
+# QR code generation (optional)
+image = { version = "0.25", default-features = false, features = ["png"], optional = true }
+
 [target.'cfg(unix)'.dependencies]
 libc = "0.2"