feat(stripe): capture early fraud warnings for review #3554

Merged: RSO merged 4 commits into main from feat/stripe-efw-observation-admin on May 28, 2026

@RSO (Contributor) commented May 28, 2026

Summary

  • Capture newly delivered Stripe Early Fraud Warnings as idempotent review_required observations, resolving canonical ownership where safe while preserving the no-enforcement rollout boundary.
  • Preserve existing abuse telemetry and record malformed, ambiguous, unmatched, already-disputed, or retrieval-failed warnings for financial review without scheduling side effects.
  • Add an admin-only, read-only Financial list for captured warnings with stored account links and safe Stripe correlation identifiers.

Verification

  • Not completed: attempted an isolated browser pass for /admin/early-fraud-warnings, but Chrome DevTools MCP could not start because its browser profile was locked by another running browser instance.

Visual Changes

[Screenshot: CleanShot 2026-05-28 at 13 26 01@2x]

Reviewer Notes

  • Originally stacked on feat(stripe): add early fraud warning persistence foundation #3552; that foundation PR merged while this PR was under review, and GitHub retargeted this PR to main.
  • Observation-only by design: this PR creates no enforcement actions and performs no blocks, refunds, credit changes, subscription or KiloClaw mutations, payout or reward reversals, or user notices.
  • Follow-up review fixes normalize API timestamps, sort timestamp-less observations last, and prevent GDPR-soft-deleted users from being re-linked, including during concurrent deletion.

Comment thread apps/web/src/routers/admin/stripe-early-fraud-warnings-router.ts Outdated
Comment thread apps/web/src/routers/admin/stripe-early-fraud-warnings-router.ts Outdated
@kilo-code-bot (Bot, Contributor) commented May 28, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

Full PR reviewed across all 13 files; observation-only EFW capture is correctly scoped, idempotent, and the SELECT FOR UPDATE + transaction correctly prevents GDPR-deleted users from being re-linked during concurrent deletion.

Files Reviewed (13 files)
  • .specs/stripe-early-fraud-warnings.md — observation-only rollout interval spec added cleanly
  • .specs/impact-affiliate-tracking.md — unchanged
  • .specs/impact-referrals.md — unchanged
  • apps/web/src/app/admin/components/AppSidebar.tsx — sidebar entry added correctly
  • apps/web/src/app/admin/early-fraud-warnings/EarlyFraudWarningsContent.tsx — read-only admin table; Stripe URLs built correctly; process.env.NODE_ENV usage in client component is safe (Next.js special var)
  • apps/web/src/app/admin/early-fraud-warnings/EarlyFraudWarningsContent.test.ts — SSR render test covers key display paths
  • apps/web/src/app/admin/early-fraud-warnings/page.tsx — thin page wrapper, no issues
  • apps/web/src/lib/stripe/early-fraud-warning.ts — owner resolution correctly wraps SELECT FOR UPDATE + INSERT in a single transaction; early-exit paths (no charge, retrieval failure) use db directly without owner lookup, which is correct
  • apps/web/src/lib/stripe/index.ts — preFetchedCharge === undefined sentinel correctly avoids a redundant Stripe charge retrieval when EFW observation already fetched or failed; abuse telemetry continues to fire with available data
  • apps/web/src/lib/stripe/index.test.ts — comprehensive integration tests covering personal, org, ambiguous, unmatched, disputed, duplicate, retrieval failure, and concurrent soft-deletion cases; all assert on DB state with no mocks
  • apps/web/src/routers/admin-router.ts — router registered under earlyFraudWarnings key
  • apps/web/src/routers/admin/stripe-early-fraud-warnings-router.ts — window function count(*) OVER() avoids separate count query; NULLS LAST ordering correct; timestamps normalized via normalizeTimestamp before leaving the API boundary
  • apps/web/src/routers/admin/stripe-early-fraud-warnings-router.test.ts — pagination, timestamp normalization, and org/user join tests all present

Reviewed by claude-sonnet-4.6 · 771,368 tokens

Review guidance: REVIEW.md from base branch main
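
The capture behaviour described in the PR summary and in the review above (idempotent review_required observations, owner linking only where safe, no re-linking of soft-deleted users), sketched as an added example that is not the PR's code. The types, class and method names, the fallback to the event id as key and the handling of disputed charges are assumptions, and an in-memory map stands in for the database transaction.

```typescript
// Added illustration: all names and shapes are hypothetical, not the project's code.
type Owner = { id: string; stripeCustomerId: string; deletedAt: Date | null };
type Charge = { customerId: string | null; disputed: boolean };
type Reason = "matched" | "malformed" | "ambiguous" | "unmatched" | "already_disputed" | "retrieval_failed";
type Observation = { key: string; status: "review_required"; reason: Reason; ownerId: string | null };
// Constructed input shape: the webhook event plus the outcome of the charge lookup.
type EfwEvent = { eventId: string; warningId?: string; charge: Charge | "retrieval_failed" };

class EfwObservations {
  private rows = new Map<string, Observation>();
  private owners: Owner[];
  constructor(owners: Owner[]) { this.owners = owners; }
  // Idempotent capture: a redelivered warning returns the stored row unchanged.
  capture(ev: EfwEvent): Observation {
    const key = ev.warningId ?? ev.eventId; // assumption: fall back to the event id
    const existing = this.rows.get(key);
    if (existing) return existing;
    const [reason, ownerId] = this.resolve(ev);
    // Observation only: the row is stored for review; nothing else is scheduled.
    const row: Observation = { key, status: "review_required", reason, ownerId };
    this.rows.set(key, row);
    return row;
  }

  // Link an owner only when exactly one live account matches. Check and insert run in one
  // synchronous step, standing in for the single transaction with SELECT ... FOR UPDATE.
  private resolve(ev: EfwEvent): [Reason, string | null] {
    const charge = ev.charge;
    if (!ev.warningId) return ["malformed", null];
    if (charge === "retrieval_failed") return ["retrieval_failed", null];
    const customerId = charge.customerId;
    const live = this.owners.filter(o => o.stripeCustomerId === customerId && o.deletedAt === null);
    const only = live[0];
    if (only === undefined) return ["unmatched", null];
    if (live.length > 1) return ["ambiguous", null];
    // Assumption: a disputed charge keeps its owner link; only the reason differs.
    return [charge.disputed ? "already_disputed" : "matched", only.id];
  }
  softDelete(id: string): void { for (const o of this.owners) if (o.id === id) o.deletedAt = new Date(); }
}

// Constructed sample run: one redelivery, then a warning for a soft-deleted owner.
function demo(): Observation[] {
  const s = new EfwObservations([{ id: "u1", stripeCustomerId: "cus_A", deletedAt: null }]);
  const ev: EfwEvent = { eventId: "evt_1", warningId: "issfr_1", charge: { customerId: "cus_A", disputed: false } };
  const first = s.capture(ev), again = s.capture({ ...ev, eventId: "evt_2" });
  s.softDelete("u1");
  return [first, again, s.capture({ ...ev, warningId: "issfr_2" })];
}
```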

Base automatically changed from balanced-leotard to main May 28, 2026 10:55
@RSO RSO force-pushed the feat/stripe-efw-observation-admin branch from 866f753 to 34349ec May 28, 2026 11:16
@RSO RSO merged commit 24c5c3a into main May 28, 2026
18 checks passed
@RSO RSO deleted the feat/stripe-efw-observation-admin branch May 28, 2026 11:26