修复资产计费边界风险

资产生成预扣费改为 fail-closed，避免钱包异常时继续调用外部生成

新增钱包退款 outbox，退款失败时本地落盘并后台重放

拼图首图后台任务改用 SpacetimeDB claim 表实现跨实例互斥

计费 ledger id 统一绑定 request_id，并让前端重试复用 x-request-id

同步 SpacetimeDB bindings、后端架构文档和 Hermes 决策记录

server-rs/crates/api-server/src/puzzle.rs

@@ -1,6 +1,5 @@
 use std::{
-    collections::{BTreeMap, HashSet},
-    sync::{Mutex, OnceLock},
+    collections::BTreeMap,
     time::{Instant, SystemTime, UNIX_EPOCH},
 };
 
@@ -56,17 +55,19 @@ use spacetime_client::{
     PuzzleAgentMessageRecord, PuzzleAgentMessageSubmitRecordInput,
     PuzzleAgentSessionCreateRecordInput, PuzzleAgentSessionRecord,
     PuzzleAgentSuggestedActionRecord, PuzzleAnchorItemRecord, PuzzleAnchorPackRecord,
-    PuzzleAudioAssetRecord, PuzzleCreatorIntentRecord, PuzzleDraftCompileFailureRecordInput,
-    PuzzleDraftLevelRecord, PuzzleFormDraftRecord, PuzzleFormDraftSaveRecordInput,
-    PuzzleGeneratedImageCandidateRecord, PuzzleGeneratedImagesSaveRecordInput,
-    PuzzleLeaderboardEntryRecord, PuzzleLeaderboardSubmitRecordInput, PuzzlePublishRecordInput,
-    PuzzleRecommendedNextWorkRecord, PuzzleResultDraftRecord, PuzzleResultPreviewBlockerRecord,
-    PuzzleResultPreviewFindingRecord, PuzzleResultPreviewRecord, PuzzleRunDragRecordInput,
-    PuzzleRunPauseRecordInput, PuzzleRunPropRecordInput, PuzzleRunRecord,
-    PuzzleRunStartRecordInput, PuzzleRunSwapRecordInput, PuzzleSelectCoverImageRecordInput,
-    PuzzleUiBackgroundSaveRecordInput, PuzzleWorkLikeReportRecordInput,
-    PuzzleWorkPointIncentiveClaimRecordInput, PuzzleWorkProfileRecord, PuzzleWorkRemixRecordInput,
-    PuzzleWorkUpsertRecordInput, SpacetimeClientError,
+    PuzzleAudioAssetRecord, PuzzleBackgroundCompileTaskClaimRecordInput,
+    PuzzleBackgroundCompileTaskReleaseRecordInput, PuzzleCreatorIntentRecord,
+    PuzzleDraftCompileFailureRecordInput, PuzzleDraftLevelRecord, PuzzleFormDraftRecord,
+    PuzzleFormDraftSaveRecordInput, PuzzleGeneratedImageCandidateRecord,
+    PuzzleGeneratedImagesSaveRecordInput, PuzzleLeaderboardEntryRecord,
+    PuzzleLeaderboardSubmitRecordInput, PuzzlePublishRecordInput, PuzzleRecommendedNextWorkRecord,
+    PuzzleResultDraftRecord, PuzzleResultPreviewBlockerRecord, PuzzleResultPreviewFindingRecord,
+    PuzzleResultPreviewRecord, PuzzleRunDragRecordInput, PuzzleRunPauseRecordInput,
+    PuzzleRunPropRecordInput, PuzzleRunRecord, PuzzleRunStartRecordInput, PuzzleRunSwapRecordInput,
+    PuzzleSelectCoverImageRecordInput, PuzzleUiBackgroundSaveRecordInput,
+    PuzzleWorkLikeReportRecordInput, PuzzleWorkPointIncentiveClaimRecordInput,
+    PuzzleWorkProfileRecord, PuzzleWorkRemixRecordInput, PuzzleWorkUpsertRecordInput,
+    SpacetimeClientError,
 };
 use std::convert::Infallible;
 
@@ -134,38 +135,51 @@ const PUZZLE_UI_BACKGROUND_PROMPT_FALLBACK_MARKER: &str =
 const PUZZLE_VECTOR_ENGINE_SQUARE_IMAGE_SIZE: &str = "1024x1024";
 const PUZZLE_VECTOR_ENGINE_PORTRAIT_IMAGE_SIZE: &str = "1024x1536";
 
-static PUZZLE_BACKGROUND_COMPILE_TASKS: OnceLock<Mutex<HashSet<String>>> = OnceLock::new();
-
-fn puzzle_background_compile_tasks() -> &'static Mutex<HashSet<String>> {
-    PUZZLE_BACKGROUND_COMPILE_TASKS.get_or_init(|| Mutex::new(HashSet::new()))
+fn build_puzzle_background_compile_task_id(session_id: &str) -> String {
+    format!("puzzle_initial_background:{session_id}")
 }
 
-fn try_register_puzzle_background_compile_task(session_id: &str) -> bool {
-    match puzzle_background_compile_tasks().lock() {
-        Ok(mut tasks) => tasks.insert(session_id.to_string()),
-        Err(error) => {
+fn build_puzzle_background_compile_claim_id(task_id: &str, request_id: &str) -> String {
+    format!("{task_id}:{request_id}")
+}
+
+async fn release_claimed_puzzle_background_compile_task(
+    state: &PuzzleApiState,
+    task_id: &str,
+    claim_id: &str,
+    session_id: &str,
+    owner_user_id: &str,
+) {
+    let result = state
+        .spacetime_client()
+        .release_puzzle_background_compile_task(PuzzleBackgroundCompileTaskReleaseRecordInput {
+            task_id: task_id.to_string(),
+            claim_id: claim_id.to_string(),
+            session_id: session_id.to_string(),
+            owner_user_id: owner_user_id.to_string(),
+        })
+        .await;
+    match result {
+        Ok(true) => {}
+        Ok(false) => {
             tracing::warn!(
                 provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                task_id,
+                claim_id,
                 session_id,
-                error = %error,
-                "拼图后台生成任务注册表锁已损坏，允许本次任务继续"
+                owner_user_id,
+                "拼图首图后台生成任务释放未命中当前 claim"
             );
-            true
-        }
-    }
-}
-
-fn unregister_puzzle_background_compile_task(session_id: &str) {
-    match puzzle_background_compile_tasks().lock() {
-        Ok(mut tasks) => {
-            tasks.remove(session_id);
         }
         Err(error) => {
             tracing::warn!(
                 provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                task_id,
+                claim_id,
                 session_id,
+                owner_user_id,
                 error = %error,
-                "拼图后台生成任务注册表解锁失败，忽略清理"
+                "拼图首图后台生成任务释放失败"
             );
         }
     }