feat: v0.7.2 — portmapper (UPnP+PCP+NAT-PMP), session-relay opt-in, URL Phase 1

Network/reachability improvements + a relay-privacy fix. Wire-compatible
with v0.7.0/v0.7.1; no protocol changes.

- Replace hand-rolled UPnP (igd-next) with the portmapper crate. All three
  protocols (UPnP-IGD / NAT-PMP / PCP) run in parallel, auto-renew
  internally. PCP adds IPv6 firewall pinholes and works on iOS without
  the multicast entitlement. Pulled in transitively via iroh already, no
  net dep growth.
- Android: UPnP/PCP/NAT-PMP attempted on WiFi/Ethernet with a
  WifiManager.MulticastLock acquired for the lifetime of the mapping.
  Cellular skipped early (no UPnP/PCP gateway, avoid 3s discovery waste).
- TCP port-mapping gate removed for mobile — phones with permissive NAT
  can now serve HTTP for direct browser fetches.
- Anchor reachability watcher (bidirectional): clears is_anchor after
  >5min of no port mapping; restores it when the mapping comes back.
  Network roams self-heal without restart. Mobile never auto-anchors.
- Session relay opt-in restored. relay.session_relay_enabled setting
  defaults OFF (anchors included — servers shouldn't silently burn
  bandwidth either). Gates both serving (can_accept_relay_pipe) and
  using (auto-fallback in node.rs). UI toggle in Settings. Relay-style
  signaling (RelayIntroduce / worm_lookup / N1-N3 shares) unaffected.
- URL Phase 1: share links now contain only the post ID
  (itsgoin.net/p/<post>). Anchor handler already supported post-ID-only
  URLs (author was optional); just dropped the author hex from the
  generator. Older URLs with author hex continue to work.
- Quick app close button in header (with confirm) — useful for stopping
  network activity between sessions on mobile.
- JNI null-pointer guards on ndk_context handles in android_wifi.rs.

MEMORY rule sharpened to distinguish session relay (byte pipe, opt-in)
from relay-style signaling/discovery (always on).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

crates/tauri-app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "itsgoin-desktop"
-version = "0.7.1"
+version = "0.7.2"
 edition = "2021"
 
 [lib]

crates/tauri-app/src/lib.rs

@@ -1142,6 +1142,11 @@ async fn list_vouches_given(state: State<'_, AppNode>) -> Result<Vec<VouchGivenD
     }).collect())
 }
 
+#[tauri::command]
+async fn exit_app(app: tauri::AppHandle) {
+    app.exit(0);
+}
+
 #[tauri::command]
 async fn list_vouches_received(state: State<'_, AppNode>) -> Result<Vec<VouchReceivedDto>, String> {
     let node = get_node(&state).await;
@@ -1698,6 +1703,25 @@ async fn set_update_channel(state: State<'_, AppNode>, channel: String) -> Resul
     storage.set_setting("ui_update_channel", &channel).map_err(|e| e.to_string())
 }
 
+#[tauri::command]
+async fn get_session_relay_enabled(state: State<'_, AppNode>) -> Result<bool, String> {
+    let node = get_node(&state).await;
+    Ok(node.network.conn_handle().is_session_relay_enabled().await)
+}
+
+#[tauri::command]
+async fn set_session_relay_enabled(state: State<'_, AppNode>, enabled: bool) -> Result<(), String> {
+    let node = get_node(&state).await;
+    {
+        let storage = node.storage.get().await;
+        storage
+            .set_setting("relay.session_relay_enabled", if enabled { "true" } else { "false" })
+            .map_err(|e| e.to_string())?;
+    }
+    node.network.conn_handle().set_session_relay_enabled(enabled).await;
+    Ok(())
+}
+
 /// Open a URL in the user's default system browser.
 /// Desktop: spawns the platform opener (xdg-open / open / cmd start).
 /// Only https:// URLs are accepted to avoid being a generic command exec.
@@ -3380,6 +3404,9 @@ pub fn run() {
             import_as_new_identity,
             import_as_personas_cmd,
             import_merge_with_key,
+            exit_app,
+            get_session_relay_enabled,
+            set_session_relay_enabled,
         ])
         .build(tauri::generate_context!())
         .expect("error while building tauri application")

crates/tauri-app/tauri.conf.json

@@ -1,6 +1,6 @@
 {
   "productName": "itsgoin",
-  "version": "0.7.1",
+  "version": "0.7.2",
   "identifier": "com.itsgoin.app",
   "build": {
     "frontendDist": "../../frontend",