refactor: remove dead code and #[allow(dead_code)] annotations

Removed unused sync podman_command/docker_command methods.
Removed dead_code annotations from User and AuthManager (now actively used).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

core/archipelago/src/auth.rs

@@ -67,7 +67,6 @@ struct OnboardingState {
     complete: bool,
 }
 
-#[allow(dead_code)]
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct User {
     pub password_hash: String,
@@ -80,12 +79,10 @@ pub struct User {
     pub role: UserRole,
 }
 
-#[allow(dead_code)]
 pub struct AuthManager {
     data_dir: PathBuf,
 }
 
-#[allow(dead_code)]
 impl AuthManager {
     pub fn new(data_dir: PathBuf) -> Self {
         Self { data_dir }

core/container/src/podman_client.rs

@@ -66,18 +66,6 @@ impl PodmanClient {
         }
     }
     
-    #[allow(dead_code)]
-    fn podman_command(&self) -> Command {
-        let mut cmd = Command::new("podman");
-        if self.rootless {
-            // Use actual HOME environment variable instead of hardcoded /home
-            if let Ok(home) = std::env::var("HOME") {
-                cmd.env("HOME", home);
-            }
-        }
-        cmd
-    }
-    
     fn podman_async(&self) -> TokioCommand {
         // Always use sudo podman to access system-wide containers
         let mut cmd = TokioCommand::new("sudo");

core/container/src/runtime.rs

@@ -99,15 +99,6 @@ impl DockerRuntime {
         cmd
     }
 
-    #[allow(dead_code)]
-    fn docker_command(&self) -> Command {
-        let mut cmd = Command::new("docker");
-        // Use actual HOME environment variable instead of hardcoded /home
-        if let Ok(home) = std::env::var("HOME") {
-            cmd.env("HOME", home);
-        }
-        cmd
-    }
 }
 
 #[async_trait]

loop/plan.md

@@ -76,7 +76,7 @@
 
 - [x] **Enforce RBAC in RPC handler**: Read `core/archipelago/src/auth.rs` — find the `UserRole` enum and `can_access()` method. Then read `core/archipelago/src/api/rpc/mod.rs` — find where authenticated requests are dispatched to handlers. Add a role check before dispatching: after validating the session, get the user's role, call `role.can_access(method_name)`, and return an authorization error if denied. For now, all users created via onboarding should default to `Admin` role (single-user system), but this lays the groundwork for multi-user. Run `cargo clippy --all-targets --all-features && cargo test --all-features` on the dev server.
 
-- [ ] **Remove dead code and #[allow(dead_code)]**: Search `core/` for all `#[allow(dead_code)]` and `#[allow(unused)]` annotations. For each: (1) if the code is genuinely unused and not part of a planned feature, delete it, (2) if it should be used (like RBAC — now wired up in previous task), remove the allow annotation. Key file: `core/archipelago/src/auth.rs` lines ~70, 83, 88. Run `cargo clippy --all-targets --all-features` to verify no new warnings.
+- [x] **Remove dead code and #[allow(dead_code)]**: Search `core/` for all `#[allow(dead_code)]` and `#[allow(unused)]` annotations. For each: (1) if the code is genuinely unused and not part of a planned feature, delete it, (2) if it should be used (like RBAC — now wired up in previous task), remove the allow annotation. Key file: `core/archipelago/src/auth.rs` lines ~70, 83, 88. Run `cargo clippy --all-targets --all-features` to verify no new warnings.
 
 - [ ] **Deploy and verify backend fixes**: Run `./scripts/deploy-to-target.sh --live`. After deploy: (1) verify login still works at `http://192.168.1.228` (password: `password123`), (2) verify session persists after navigating between pages, (3) check logs for any new errors: `ssh archipelago@192.168.1.228 'sudo journalctl -u archipelago --since "2 min ago" | grep -i error'`.