Per Cobb 2026-05-09 directive: after the audit + preprod E2E green-light
(6/6 builders, 9 successful txs, 0 failures), drop the compile-time gate
and integrate escrow as a default-on feature. The "not third-party
audited" framing becomes a runtime notice carried by escrow_open_unsigned
rather than a Cargo feature.
Changes:
- aldabra-dao/Cargo.toml: drop [features] block + escrow_wip = []
- aldabra-dao/src/agora/mod.rs: pub mod escrow (no cfg gate)
- aldabra-dao/src/builder/mod.rs: 6 escrow_* modules unconditional
- aldabra-mcp/Cargo.toml: drop features = ["escrow_wip"] from dao dep
- aldabra-mcp/src/tools.rs:
- Drop "WIP — UNAUDITED:" prefix from all 6 escrow tool descriptions
- Drop "wip_warning" JSON field from all 6 spend-tool responses
- Add "audit_notice" field on escrow_open_unsigned response only
(per Cobb's framing — once-per-escrow-conversation, not repeated
on every subsequent tool)
- Update section header comment to reflect post-WIP status
- 7 escrow source files (1 agora + 6 builder): replace
"WIP / UNAUDITED. Feature-gated behind escrow_wip" docstring with
"Not third-party audited — preprod-only" + audit doc reference
Verified: 133 dao tests pass (was 132 under --features escrow_wip;
+1 from the rejects_no_initial_contributor test that's now always
compiled). aldabra-mcp release build clean.
The runtime audit_notice on escrow_open_unsigned reads:
"This escrow validator has had an internal review and a 9-tx preprod
E2E pass, but has NOT been audited by an external third party. Use
at your own risk. If the user is opening this with anything beyond
test-net or low-value funds, pass this notice along and confirm they
accept the risk. Validator hash: a8081acef26935d9b5f44b92052178e17301b6d6e6808c91c5b56f5d."
This carries the same caveat the WIP framing did, but in a form the
calling agent can surface inline to the user opening the escrow.
Kayos
30a7137de5