Add core modules, web frontend, CLI, keystore, and fieldkit

Core:
- paths.py: centralized ~/.soosef/ path constants
- config.py: JSON config loader with dataclass defaults
- exceptions.py: SoosefError hierarchy
- cli.py: unified Click CLI wrapping stegasoo + verisoo + native commands

Keystore:
- manager.py: unified key management (Ed25519 identity + channel keys)
- models.py: IdentityInfo, KeystoreStatus dataclasses
- export.py: encrypted key bundle export/import for USB transfer

Fieldkit:
- killswitch.py: ordered emergency data destruction (keys first)
- deadman.py: dead man's switch with check-in timer
- tamper.py: SHA-256 file integrity baseline + checking
- usb_monitor.py: pyudev USB whitelist enforcement
- geofence.py: haversine-based GPS boundary checking

Web frontend (Flask app factory + blueprints):
- app.py: create_app() factory with context processor
- blueprints: stego, attest, fieldkit, keys, admin
- templates: base.html (dark theme, unified nav), dashboard, all section pages
- static: CSS, favicon

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

frontends/web/templates/fieldkit/keys.html

@@ -0,0 +1,52 @@
+{% extends "base.html" %}
+{% block title %}Keys — SooSeF{% endblock %}
+{% block content %}
+<h2><i class="bi bi-key me-2"></i>Key Management</h2>
+<p class="text-muted">Manage Stegasoo channel keys and Verisoo Ed25519 identity.</p>
+
+<div class="row g-4">
+    {# Channel Key #}
+    <div class="col-md-6">
+        <div class="card bg-dark border-secondary">
+            <div class="card-body">
+                <h5 class="card-title"><i class="bi bi-shield-lock me-2 text-warning"></i>Channel Key</h5>
+                {% if keystore.has_channel_key %}
+                <p class="text-muted small">
+                    Fingerprint: <code>{{ keystore.channel_fingerprint }}</code><br>
+                    Used for Stegasoo deployment isolation.
+                </p>
+                {% else %}
+                <p class="text-muted small">No channel key configured.</p>
+                <form method="POST" action="{{ url_for('keys.generate_channel') }}">
+                    <button type="submit" class="btn btn-outline-warning btn-sm">
+                        <i class="bi bi-plus-circle me-1"></i>Generate Channel Key
+                    </button>
+                </form>
+                {% endif %}
+            </div>
+        </div>
+    </div>
+
+    {# Ed25519 Identity #}
+    <div class="col-md-6">
+        <div class="card bg-dark border-secondary">
+            <div class="card-body">
+                <h5 class="card-title"><i class="bi bi-fingerprint me-2 text-info"></i>Identity</h5>
+                {% if keystore.has_identity %}
+                <p class="text-muted small">
+                    Fingerprint: <code>{{ keystore.identity_fingerprint }}</code><br>
+                    Used for Verisoo attestation signing.
+                </p>
+                {% else %}
+                <p class="text-muted small">No identity configured.</p>
+                <form method="POST" action="{{ url_for('keys.generate_identity') }}">
+                    <button type="submit" class="btn btn-outline-info btn-sm">
+                        <i class="bi bi-plus-circle me-1"></i>Generate Identity
+                    </button>
+                </form>
+                {% endif %}
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

frontends/web/templates/fieldkit/killswitch.html

@@ -0,0 +1,36 @@
+{% extends "base.html" %}
+{% block title %}Killswitch — SooSeF{% endblock %}
+{% block content %}
+<h2 class="text-danger"><i class="bi bi-exclamation-octagon me-2"></i>Emergency Killswitch</h2>
+<p class="text-muted">Destroy all key material and sensitive data. This action is irreversible.</p>
+
+<div class="card bg-dark border-danger mt-4">
+    <div class="card-body">
+        <h5 class="card-title text-danger">Destruction Order</h5>
+        <ol class="text-muted small">
+            <li>Ed25519 identity keys (signing identity)</li>
+            <li>Stegasoo channel key (deployment binding)</li>
+            <li>Flask session secret (invalidates all sessions)</li>
+            <li>Auth database (user accounts)</li>
+            <li>Attestation log + index (provenance records)</li>
+            <li>Temporary files (staged uploads)</li>
+            <li>Configuration</li>
+            <li>System logs (best-effort)</li>
+        </ol>
+
+        <hr class="border-danger">
+
+        <form method="POST" action="{{ url_for('fieldkit.killswitch') }}">
+            <input type="hidden" name="action" value="fire">
+            <div class="mb-3">
+                <label class="form-label text-danger fw-bold">Type CONFIRM-PURGE to proceed:</label>
+                <input type="text" name="confirm" class="form-control bg-dark border-danger text-danger"
+                       placeholder="CONFIRM-PURGE" autocomplete="off">
+            </div>
+            <button type="submit" class="btn btn-danger">
+                <i class="bi bi-exclamation-octagon me-1"></i>Execute Purge
+            </button>
+        </form>
+    </div>
+</div>
+{% endblock %}

frontends/web/templates/fieldkit/status.html

@@ -0,0 +1,58 @@
+{% extends "base.html" %}
+{% block title %}Fieldkit Status — SooSeF{% endblock %}
+{% block content %}
+<h2><i class="bi bi-speedometer2 me-2"></i>Fieldkit Status</h2>
+<p class="text-muted">Security monitors and system health.</p>
+
+<div class="row g-4">
+    {# Dead Man's Switch #}
+    <div class="col-md-6">
+        <div class="card bg-dark border-secondary">
+            <div class="card-body">
+                <h5 class="card-title">
+                    <i class="bi bi-clock-history me-2"></i>Dead Man's Switch
+                    {% if deadman_status.armed %}
+                        {% if deadman_status.overdue %}
+                        <span class="badge bg-danger ms-2">OVERDUE</span>
+                        {% else %}
+                        <span class="badge bg-success ms-2">Armed</span>
+                        {% endif %}
+                    {% else %}
+                    <span class="badge bg-secondary ms-2">Disarmed</span>
+                    {% endif %}
+                </h5>
+                {% if deadman_status.armed %}
+                <p class="text-muted small">
+                    Interval: {{ deadman_status.interval_hours }}h
+                    ({{ deadman_status.grace_hours }}h grace)<br>
+                    Last check-in: {{ deadman_status.last_checkin or 'Never' }}<br>
+                    {% if deadman_status.get('next_due') %}
+                    Next due: {{ deadman_status.next_due }}
+                    {% endif %}
+                </p>
+                <form method="POST" action="{{ url_for('fieldkit.deadman_checkin') }}">
+                    <button type="submit" class="btn btn-success btn-sm">
+                        <i class="bi bi-check-circle me-1"></i>Check In Now
+                    </button>
+                </form>
+                {% else %}
+                <p class="text-muted small">Not currently armed. Enable in config or via CLI.</p>
+                {% endif %}
+            </div>
+        </div>
+    </div>
+
+    {# Killswitch #}
+    <div class="col-md-6">
+        <div class="card bg-dark border-secondary">
+            <div class="card-body">
+                <h5 class="card-title"><i class="bi bi-exclamation-octagon me-2 text-danger"></i>Killswitch</h5>
+                <p class="text-muted small">Emergency data destruction. Destroys all keys, attestation logs, and auth data.</p>
+                <a href="{{ url_for('fieldkit.killswitch') }}" class="btn btn-outline-danger btn-sm">
+                    <i class="bi bi-exclamation-octagon me-1"></i>Killswitch Panel
+                </a>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}