Fix all 98 ruff lint errors across codebase

- Remove unused imports (app.py, stego_routes.py, killswitch.py, etc.)
- Sort import blocks (I001)
- Add missing os import in stego_routes.py (F821)
- Rename shadowed Click commands to avoid F811 (status→chain_status, show→chain_show)
- Rename uppercase locals R→earth_r, _HAS_QRCODE_READ→_has_qrcode_read (N806)
- Suppress false-positive F821 for get_username (closure scope)
- Use datetime.UTC alias (UP017)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/soosef/audit.py

@@ -36,7 +36,7 @@ from __future__ import annotations
 import json
 import logging
 import threading
-from datetime import datetime, timezone
+from datetime import UTC, datetime
 from pathlib import Path
 from typing import Literal
 
@@ -82,7 +82,7 @@ def log_action(
         detail:  Optional free-text annotation (avoid PII where possible).
     """
     entry: dict[str, str] = {
-        "timestamp": datetime.now(tz=timezone.utc).isoformat(),
+        "timestamp": datetime.now(tz=UTC).isoformat(),
         "actor": actor,
         "action": action,
         "target": target,

src/soosef/cli.py

@@ -48,9 +48,9 @@ def main(ctx, data_dir, json_output):
 @click.pass_context
 def init(ctx, no_identity, no_channel):
     """Initialize a new SooSeF instance — generate keys and create directory structure."""
-    from soosef.paths import ensure_dirs
-    from soosef.keystore.manager import KeystoreManager
     from soosef.config import SoosefConfig
+    from soosef.keystore.manager import KeystoreManager
+    from soosef.paths import ensure_dirs
 
     click.echo("Initializing SooSeF...")
     ensure_dirs()
@@ -103,7 +103,7 @@ def serve(host, port, no_https, debug):
 
     ssl_context = None
     if config.https_enabled:
-        from soosef.paths import SSL_CERT, SSL_KEY, CERTS_DIR
+        from soosef.paths import CERTS_DIR, SSL_CERT, SSL_KEY
 
         CERTS_DIR.mkdir(parents=True, exist_ok=True)
         if not SSL_CERT.exists():
@@ -173,11 +173,12 @@ def _start_deadman_thread(interval_seconds: int = 60) -> threading.Thread | None
 
 def _generate_self_signed_cert(cert_path: Path, key_path: Path) -> None:
     """Generate a self-signed certificate for development/local use."""
+    from datetime import UTC, datetime, timedelta
+
     from cryptography import x509
     from cryptography.hazmat.primitives import hashes, serialization
     from cryptography.hazmat.primitives.asymmetric import rsa
     from cryptography.x509.oid import NameOID
-    from datetime import datetime, timedelta, UTC
 
     key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
     subject = issuer = x509.Name(
@@ -738,7 +739,7 @@ def show():
 def export_keys(output, password):
     """Export all keys to an encrypted bundle file."""
     from soosef.keystore.export import export_bundle
-    from soosef.paths import IDENTITY_DIR, CHANNEL_KEY_FILE
+    from soosef.paths import CHANNEL_KEY_FILE, IDENTITY_DIR
 
     export_bundle(IDENTITY_DIR, CHANNEL_KEY_FILE, output, password.encode())
     click.echo(f"Key bundle exported to: {output}")
@@ -750,7 +751,7 @@ def export_keys(output, password):
 def import_keys(bundle, password):
     """Import keys from an encrypted bundle file."""
     from soosef.keystore.export import import_bundle
-    from soosef.paths import IDENTITY_DIR, CHANNEL_KEY_FILE
+    from soosef.paths import CHANNEL_KEY_FILE, IDENTITY_DIR
 
     imported = import_bundle(bundle, IDENTITY_DIR, CHANNEL_KEY_FILE, password.encode())
     click.echo(f"Imported: {', '.join(imported.keys())}")
@@ -836,9 +837,9 @@ def chain():
     pass
 
 
-@chain.command()
+@chain.command("status")
 @click.pass_context
-def status(ctx):
+def chain_status(ctx):
     """Show chain status — head index, chain ID, record count."""
     from soosef.federation.chain import ChainStore
     from soosef.paths import CHAIN_DIR
@@ -899,10 +900,10 @@ def verify():
         raise SystemExit(1)
 
 
-@chain.command()
+@chain.command("show")
 @click.argument("index", type=int)
 @click.pass_context
-def show(ctx, index):
+def chain_show(ctx, index):
     """Show a specific chain record by index."""
     from soosef.exceptions import ChainError
     from soosef.federation.chain import ChainStore

src/soosef/config.py

@@ -6,7 +6,7 @@ Config is intentionally simple — a flat JSON file with sensible defaults.
 """
 
 import json
-from dataclasses import dataclass, field
+from dataclasses import dataclass
 from pathlib import Path
 
 from soosef.paths import CONFIG_FILE

src/soosef/fieldkit/__init__.py

@@ -5,7 +5,7 @@ Killswitch, dead man's switch, tamper detection, USB monitoring.
 All features are opt-in and disabled by default.
 """
 
-from soosef.fieldkit.killswitch import PurgeScope, execute_purge
 from soosef.fieldkit.deadman import DeadmanSwitch
+from soosef.fieldkit.killswitch import PurgeScope, execute_purge
 
 __all__ = ["PurgeScope", "execute_purge", "DeadmanSwitch"]

src/soosef/fieldkit/geofence.py

@@ -28,14 +28,14 @@ class GeoCircle:
 
 def haversine_distance(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
     """Distance in meters between two lat/lon points."""
-    R = 6371000  # Earth radius in meters
+    earth_r = 6371000  # Earth radius in meters
     phi1 = math.radians(lat1)
     phi2 = math.radians(lat2)
     dphi = math.radians(lat2 - lat1)
     dlambda = math.radians(lon2 - lon1)
 
     a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlambda / 2) ** 2
-    return R * 2 * math.atan2(math.sqrt(a), math.sqrt(1 - a))
+    return earth_r * 2 * math.atan2(math.sqrt(a), math.sqrt(1 - a))
 
 
 def is_inside(fence: GeoCircle, lat: float, lon: float) -> bool:

src/soosef/fieldkit/killswitch.py

@@ -18,7 +18,6 @@ import subprocess
 from dataclasses import dataclass, field
 from pathlib import Path
 
-from soosef.exceptions import KillswitchError
 import soosef.paths as paths
 
 logger = logging.getLogger(__name__)