Stable network identity from device id

[jamiepine]

This PR addresses critical network identity issues by deriving the Iroh node_id deterministically from the stable device_id (from device.json) instead of the device_key (from keyring). It also configures Iroh state persistence.

This change fixes:

• Pairing instability caused by keyring resets.
• Fragile network identity persistence across OS updates/migrations.
• Lack of Iroh state persistence.

Breaking Change: All devices must re-pair after updating to this version. This is acceptable for prerelease.

Closes #XXXX

---

 

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[cursor]

PR Summary

Breaking: Network identity now derives from device_id (not keyring device_key), stabilizing NodeId across keyring resets/OS changes and requiring re-pairing.

• Networking: NetworkingService::new uses NetworkIdentity::from_device_id(device_id) and logs device_id/node_id
• Persistence: creates {config_dir}/iroh/ and binds via Endpoint::builder().bind_data_dir(...)
• State: NetworkingService stores device_id and exposes it via device_id()
• Identity: new from_device_id HKDF-SHA256 derivation; adds tests for determinism and validity
• Discovery/endpoint config unchanged aside from persistence hook; minor logging improvements
• Docs: update Devices/Pairing to document identity derivation and storage paths
• Changelog: notes breaking change and fixes for pairing instability and missing Iroh persistence

^{Written by Cursor Bugbot for commit b6161f9. Configure here.}

[jamiepine]

@cursor remove the changelog we use git tags

[cursor]

Removed CHANGELOG.md from the PR.

---

 

_{Learn more about Cursor Agents}

[tembo]

The Iroh data directory is created here but then the path is recomputed in start() at line 225. Consider storing iroh_data_dir directly instead of recomputing it from data_dir.