Architecture

Scoring runs through one metered stage, score-booking — Cloud claude-haiku-4-5 (cost-capped, fail-closed) or OSS qwen3:8b recorded on local M4 hardware at $0, prototype default OSS-only. The signal set and the score formula (min(100, 30 + reasons×16 + jitter)) and the auto-hold threshold (75) are the authoritative deterministic rules; the model read rides on top. The stage writes a cost_ledger row visible only in the inspector.

The app owns demo_eco_c6_risk_signal (booking, partner, guest, score, fired reasons, disposition, linked case id). It emits fraud.flagged and dispute.opened (consumed by #21, which opens a linked refund case). The data invariant holds — owner canonical, viewer re-scores and dispositions credential-scoped, ephemeral, and reset-clearing (setWhere-guarded). No real cards or PII; honesty is inspector-only. Stage-2 reads demo_eco_c6_risk_signal behind the same surface.