@stelis/say-ur-intent 0.0.0 → 0.0.2

package/dist/core/preferences/sqlitePreferencesRepository.js

@@ -0,0 +1,136 @@
+import { PreferencesStoreError, assertLocalSettingKey } from "./preferencesStore.js";
+import { parseGraphqlUrl, parseGrpcUrl } from "../suiEndpoint.js";
+export class SqlitePreferencesRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async ensureDefaultLocalSettings(defaults, now = new Date()) {
+        const insert = this.db.prepare(`INSERT INTO local_settings (key, value_json, updated_at)
+       VALUES (?, ?, ?)
+       ON CONFLICT(key) DO NOTHING`);
+        insert.run("suiGrpcUrl", encodeSettingValue("suiGrpcUrl", defaults.suiGrpcUrl), now.toISOString());
+        insert.run("suiGraphqlUrl", encodeSettingValue("suiGraphqlUrl", defaults.suiGraphqlUrl), now.toISOString());
+    }
+    async getSuiGrpcUrl() {
+        const record = await this.getLocalSetting("suiGrpcUrl");
+        return record
+            ? {
+                key: "suiGrpcUrl",
+                value: asSuiGrpcUrlValue(record.value),
+                updatedAt: record.updatedAt
+            }
+            : undefined;
+    }
+    async getSuiGraphqlUrl() {
+        const record = await this.getLocalSetting("suiGraphqlUrl");
+        return record
+            ? {
+                key: "suiGraphqlUrl",
+                value: asSuiGraphqlUrlValue(record.value),
+                updatedAt: record.updatedAt
+            }
+            : undefined;
+    }
+    async setSuiGrpcUrl(url, now = new Date()) {
+        const previous = await this.getSuiGrpcUrl();
+        const record = await this.setLocalSetting("suiGrpcUrl", url, now);
+        return {
+            storedValue: asSuiGrpcUrlValue(record.value),
+            previousStoredValue: previous?.value,
+            updatedAt: record.updatedAt
+        };
+    }
+    async setSuiGraphqlUrl(url, now = new Date()) {
+        const previous = await this.getSuiGraphqlUrl();
+        const record = await this.setLocalSetting("suiGraphqlUrl", url, now);
+        return {
+            storedValue: asSuiGraphqlUrlValue(record.value),
+            previousStoredValue: previous?.value,
+            updatedAt: record.updatedAt
+        };
+    }
+    async resetSuiGrpcUrl(defaultUrl, now = new Date()) {
+        return this.setSuiGrpcUrl(defaultUrl, now);
+    }
+    async resetSuiGraphqlUrl(defaultUrl, now = new Date()) {
+        return this.setSuiGraphqlUrl(defaultUrl, now);
+    }
+    async getLocalSetting(key) {
+        const settingKey = assertLocalSettingKey(key);
+        const row = this.db
+            .prepare(`SELECT key, value_json, updated_at
+         FROM local_settings
+         WHERE key = ?`)
+            .get(settingKey);
+        return row ? rowToLocalSetting(row) : undefined;
+    }
+    async setLocalSetting(key, value, now = new Date()) {
+        const settingKey = assertLocalSettingKey(key);
+        this.db
+            .prepare(`INSERT INTO local_settings (key, value_json, updated_at)
+         VALUES (?, ?, ?)
+         ON CONFLICT(key) DO UPDATE SET
+           value_json = excluded.value_json,
+           updated_at = excluded.updated_at`)
+            .run(settingKey, encodeSettingValue(settingKey, value), now.toISOString());
+        const record = await this.getLocalSetting(settingKey);
+        if (!record) {
+            throw new PreferencesStoreError("not_recorded", "Local setting was not recorded", { key: settingKey });
+        }
+        return record;
+    }
+}
+function rowToLocalSetting(row) {
+    const key = assertLocalSettingKey(row.key);
+    return {
+        key,
+        value: decodeSettingValue(key, row.value_json),
+        updatedAt: row.updated_at
+    };
+}
+function encodeSettingValue(key, value) {
+    if (key === "suiGrpcUrl") {
+        if (typeof value !== "string") {
+            throw new PreferencesStoreError("invalid_value", "suiGrpcUrl setting value must be a string", { key });
+        }
+        return JSON.stringify(parseGrpcUrl(value));
+    }
+    if (key === "suiGraphqlUrl") {
+        if (typeof value !== "string") {
+            throw new PreferencesStoreError("invalid_value", "suiGraphqlUrl setting value must be a string", { key });
+        }
+        return JSON.stringify(parseGraphqlUrl(value));
+    }
+    throw new PreferencesStoreError("unknown_key", "Unknown local setting key", { key });
+}
+function decodeSettingValue(key, valueJson) {
+    let parsed;
+    try {
+        parsed = JSON.parse(valueJson);
+    }
+    catch {
+        throw new PreferencesStoreError("malformed_json", "Malformed local setting JSON", { key });
+    }
+    if (key === "suiGrpcUrl") {
+        return asSuiGrpcUrlValue(parsed);
+    }
+    if (key === "suiGraphqlUrl") {
+        return asSuiGraphqlUrlValue(parsed);
+    }
+    throw new PreferencesStoreError("unknown_key", "Unknown local setting key", { key });
+}
+function asSuiGraphqlUrlValue(value) {
+    if (typeof value !== "string") {
+        throw new PreferencesStoreError("invalid_value", "suiGraphqlUrl setting value must be a string", {
+            key: "suiGraphqlUrl"
+        });
+    }
+    return parseGraphqlUrl(value);
+}
+function asSuiGrpcUrlValue(value) {
+    if (typeof value !== "string") {
+        throw new PreferencesStoreError("invalid_value", "suiGrpcUrl setting value must be a string", { key: "suiGrpcUrl" });
+    }
+    return parseGrpcUrl(value);
+}

package/dist/core/proposal/externalProposalReview.js

@@ -0,0 +1,347 @@
+import { randomUUID } from "node:crypto";
+import { EXTERNAL_PROPOSAL_CONTRACT_VERSION, PROPOSAL_REVIEW_MODEL_VERSION, EXTERNAL_PROPOSAL_REVIEW_ALWAYS_UNSUPPORTED_CLAIMS } from "./types.js";
+import { externalProposalSchema } from "./schemas.js";
+const REJECTED_EXECUTABLE_FIELDS = [
+    "transactionBytes",
+    "serializedTransaction",
+    "signingRequest",
+    "signature",
+    "privateKey",
+    "secretKey",
+    "seed",
+    "mnemonic",
+    "routeSelectedPlan"
+];
+export function externalProposalToActionPlan(proposal, now = new Date()) {
+    const sanitizedProposal = externalProposalSchema.parse(proposal);
+    const reviewModel = proposalReviewModel(sanitizedProposal, now);
+    return {
+        id: `plan_${randomUUID()}`,
+        actionKind: sanitizedProposal.type,
+        adapterId: "external-proposal-review",
+        protocol: "Sui",
+        title: reviewModel.proposedAction.title,
+        summary: "This local review records an external proposal as untrusted structured input. It is non-signable and does not include transaction bytes, signing data, wallet authorization, route selection, fiat cash-out, P&L, tax, or cost-basis support.",
+        assetFlowPreview: {
+            outgoing: reviewModel.assetFlow.outgoing.map(toDisplayIntentAmount),
+            expectedIncoming: reviewModel.assetFlow.expectedIncoming.map(toDisplayIntentAmount),
+            ...(reviewModel.assetFlow.fees.length > 0
+                ? { fees: reviewModel.assetFlow.fees.map(toDisplayIntentAmount) }
+                : {})
+        },
+        reviewModel,
+        adapterData: {
+            requestedIntent: sanitizedProposal,
+            implementationStatus: "read_only_review_only",
+            contractVersion: EXTERNAL_PROPOSAL_CONTRACT_VERSION
+        },
+        createdAt: now.toISOString(),
+        ...(sanitizedProposal.expiresAt ? { expiresAt: sanitizedProposal.expiresAt } : {}),
+        preliminaryChecks: reviewModel.blockingChecks
+    };
+}
+function proposalReviewModel(proposal, now) {
+    const freshness = freshnessSummary(proposal, now);
+    const missingEvidence = missingEvidenceForProposal(proposal);
+    const requiredUserChoices = requiredUserChoicesForProposal(proposal);
+    const blockingChecks = blockingChecksForProposal(proposal, freshness.status);
+    const { title, recipient, target } = proposedActionDisplay(proposal);
+    const assetFlow = assetFlowForProposal(proposal);
+    const recipients = recipientsForProposal(proposal);
+    const targets = targetsForProposal(proposal);
+    return {
+        modelVersion: PROPOSAL_REVIEW_MODEL_VERSION,
+        contractVersion: EXTERNAL_PROPOSAL_CONTRACT_VERSION,
+        proposalId: proposal.id,
+        proposalType: proposal.type,
+        proposalSource: proposal.source,
+        proposedAction: {
+            kind: proposal.type,
+            title,
+            purpose: proposal.purpose,
+            network: proposal.network,
+            ...(recipient ? { recipient } : {}),
+            ...(target ? { target } : {})
+        },
+        assetFlow,
+        recipients,
+        targets,
+        evidenceUsed: [
+            {
+                id: "external_proposal_contract",
+                label: "External proposal contract",
+                source: "local_schema",
+                summary: "The proposal matched the read-only external proposal schema and was stored as untrusted review input."
+            },
+            {
+                id: "proposal_declared_network",
+                label: "Declared network",
+                source: "external_proposal",
+                summary: `The proposal declares ${proposal.network}. This is not a connected-chain verification.`
+            },
+            {
+                id: "proposal_display_amounts",
+                label: "Display proposal amounts",
+                source: "external_proposal",
+                summary: "Returned amount fields are display proposal facts only and are not raw amounts, min-out values, or signing input."
+            }
+        ],
+        missingEvidence,
+        requiredUserChoices,
+        unsupportedClaims: [
+            ...EXTERNAL_PROPOSAL_REVIEW_ALWAYS_UNSUPPORTED_CLAIMS,
+            ...(proposal.assumptions && proposal.assumptions.length > 0
+                ? [{
+                        id: "source_assumptions_unverified",
+                        label: "Source assumptions",
+                        reason: "Source assumptions are displayed for review but are not verified by this read-only ingestion step."
+                    }]
+                : [])
+        ],
+        rejectedExecutableFields: REJECTED_EXECUTABLE_FIELDS.map((fieldName) => ({
+            fieldName,
+            reason: "This field is outside the external proposal contract because external executable material is not trusted review authority."
+        })),
+        freshness,
+        blockingChecks,
+        nonSignableReason: {
+            code: "external_proposal_review_only",
+            message: "This review is non-signable because it only records an untrusted external proposal and does not build or verify transaction material.",
+            blockedCapabilities: [
+                "transaction_building",
+                "wallet_signing",
+                "execution",
+                "signing_data_or_readiness",
+                "external_transaction_material_authority"
+            ]
+        }
+    };
+}
+function freshnessSummary(proposal, now) {
+    const createdAtMs = Date.parse(proposal.createdAt);
+    const nowMs = now.getTime();
+    if (createdAtMs > nowMs) {
+        return {
+            proposalCreatedAt: proposal.createdAt,
+            ...(proposal.expiresAt ? { proposalExpiresAt: proposal.expiresAt } : {}),
+            evaluatedAt: now.toISOString(),
+            status: "created_in_future",
+            reason: "The proposal createdAt timestamp is after the local review evaluation time."
+        };
+    }
+    if (!proposal.expiresAt) {
+        return {
+            proposalCreatedAt: proposal.createdAt,
+            evaluatedAt: now.toISOString(),
+            status: "expiry_not_provided",
+            reason: "The proposal did not provide an expiry timestamp."
+        };
+    }
+    if (Date.parse(proposal.expiresAt) <= nowMs) {
+        return {
+            proposalCreatedAt: proposal.createdAt,
+            proposalExpiresAt: proposal.expiresAt,
+            evaluatedAt: now.toISOString(),
+            status: "expired",
+            reason: "The proposal expiry timestamp is not after the local review evaluation time."
+        };
+    }
+    return {
+        proposalCreatedAt: proposal.createdAt,
+        proposalExpiresAt: proposal.expiresAt,
+        evaluatedAt: now.toISOString(),
+        status: "current",
+        reason: "The proposal createdAt and expiresAt timestamps are consistent with the local review evaluation time."
+    };
+}
+function missingEvidenceForProposal(proposal) {
+    const gaps = [
+        {
+            id: "account_bound_wallet_assets",
+            label: "Account-bound wallet evidence",
+            reason: "This ingestion step has not read wallet balances, gas assets, object ownership, or before/after balance changes."
+        },
+        {
+            id: "review_time_simulation",
+            label: "Review-time simulation",
+            reason: "No transaction is built or simulated for this external proposal in the current release."
+        },
+        {
+            id: "recipient_or_target_verification",
+            label: "Recipient or target verification",
+            reason: "The proposal recipient or action target is displayed as provided and has not been independently verified as intended by the user."
+        }
+    ];
+    if (proposal.type === "payment" && !proposal.payment.amount.coinType) {
+        gaps.push({
+            id: "settlement_asset_selection",
+            label: "Settlement asset selection",
+            reason: "The proposal did not identify a verified coin type. Symbol and denomination fields are external display labels, not user-selected settlement assets."
+        });
+    }
+    if (proposal.type === "payment" && proposal.payment.amount.coinType) {
+        gaps.push({
+            id: "settlement_asset_metadata_verification",
+            label: "Settlement asset metadata verification",
+            reason: "The proposal supplied a coinType, but this read-only ingestion step has not verified its mainnet metadata or user selection provenance."
+        });
+    }
+    if (proposal.type === "sui_action") {
+        gaps.push({
+            id: "action_adapter_support",
+            label: "Action adapter support",
+            reason: "No reviewed adapter currently verifies this external Sui action target or converts it into wallet-review material."
+        });
+    }
+    return gaps;
+}
+function requiredUserChoicesForProposal(proposal) {
+    const choices = (proposal.requiredUserChoices ?? []).map((choice, index) => ({
+        id: `source_required_choice_${index + 1}`,
+        label: "Source-required user choice",
+        reason: choice
+    }));
+    if (proposal.type === "payment" && !proposal.payment.amount.coinType) {
+        choices.push({
+            id: "choose_settlement_asset",
+            label: "Choose settlement asset",
+            reason: "A concrete settlement asset remains a user choice when the proposal names only a symbol, denomination, or display amount."
+        });
+    }
+    if (proposal.type === "payment" && proposal.payment.amount.coinType) {
+        choices.push({
+            id: "confirm_settlement_asset",
+            label: "Confirm settlement asset",
+            reason: "The proposal supplied a settlement asset identifier, but this read-only review has not verified that the user selected it. Confirm the displayed settlement asset before treating it as intended."
+        });
+    }
+    return choices;
+}
+function blockingChecksForProposal(proposal, freshnessStatus) {
+    const checks = [
+        {
+            id: "external_proposal_contract",
+            label: "External proposal contract",
+            status: "pass",
+            message: "The external proposal matched the read-only proposal schema.",
+            source: "proposal"
+        },
+        {
+            id: "proposal_declared_mainnet",
+            label: "Declared network",
+            status: "warning",
+            message: `The proposal declares ${proposal.network}, but this is not connected-chain verification.`,
+            source: "proposal"
+        }
+    ];
+    if (freshnessStatus === "expired" || freshnessStatus === "created_in_future") {
+        checks.push({
+            id: "proposal_freshness",
+            label: "Proposal freshness",
+            status: "fail",
+            message: `Proposal freshness status is ${freshnessStatus}.`,
+            source: "proposal"
+        });
+    }
+    else if (freshnessStatus === "expiry_not_provided") {
+        checks.push({
+            id: "proposal_freshness",
+            label: "Proposal freshness",
+            status: "warning",
+            message: "The proposal did not include an expiry timestamp.",
+            source: "proposal"
+        });
+    }
+    else {
+        checks.push({
+            id: "proposal_freshness",
+            label: "Proposal freshness",
+            status: "pass",
+            message: "The proposal timestamps are current for this local review.",
+            source: "proposal"
+        });
+    }
+    checks.push({
+        id: "external_proposal_review_only",
+        label: "Non-signable review",
+        status: "fail",
+        message: "External proposal ingestion is read-only; it does not build transactions, request signatures, or create wallet actions.",
+        source: "adapter"
+    });
+    return checks;
+}
+function proposedActionDisplay(proposal) {
+    if (proposal.type === "payment") {
+        const recipient = proposal.payment.recipient;
+        const recipientLabel = partyLabel(recipient);
+        const assetLabel = amountLabel(proposal.payment.amount);
+        return {
+            title: `Review payment proposal: ${assetLabel} to ${recipientLabel}`,
+            recipient,
+            target: proposal.payment.target
+        };
+    }
+    return {
+        title: `Review Sui action proposal: ${proposal.action.actionKind}`,
+        ...(proposal.action.recipient ? { recipient: proposal.action.recipient } : {}),
+        target: proposal.action.target
+    };
+}
+function assetFlowForProposal(proposal) {
+    if (proposal.type === "payment") {
+        return {
+            outgoing: [proposal.payment.amount],
+            expectedIncoming: [],
+            fees: []
+        };
+    }
+    return {
+        outgoing: amountsForDirection(proposal.action.assetFlow, "outgoing"),
+        expectedIncoming: amountsForDirection(proposal.action.assetFlow, "expected_incoming"),
+        fees: amountsForDirection(proposal.action.assetFlow, "fee")
+    };
+}
+function amountsForDirection(flows, direction) {
+    return (flows ?? []).filter((flow) => flow.direction === direction).map((flow) => flow.amount);
+}
+function recipientsForProposal(proposal) {
+    if (proposal.type === "payment") {
+        return [proposal.payment.recipient];
+    }
+    const recipients = [
+        ...(proposal.action.recipient ? [proposal.action.recipient] : []),
+        ...(proposal.action.assetFlow ?? []).flatMap((flow) => (flow.recipient ? [flow.recipient] : []))
+    ];
+    return dedupeParties(recipients);
+}
+function targetsForProposal(proposal) {
+    if (proposal.type === "payment") {
+        return proposal.payment.target ? [proposal.payment.target] : [];
+    }
+    return [proposal.action.target];
+}
+function dedupeParties(parties) {
+    const seen = new Set();
+    return parties.filter((party) => {
+        const key = `${party.address ?? ""}|${party.label ?? ""}`;
+        if (seen.has(key)) {
+            return false;
+        }
+        seen.add(key);
+        return true;
+    });
+}
+function toDisplayIntentAmount(amount) {
+    return {
+        symbol: amount.symbol ?? amount.denomination ?? "unspecified_asset",
+        amount: amount.amountDisplay,
+        ...(amount.coinType ? { coinType: amount.coinType } : {}),
+        amountKind: "display_intent"
+    };
+}
+function partyLabel(party) {
+    return party.label ?? party.address ?? "unspecified recipient";
+}
+function amountLabel(amount) {
+    return `${amount.amountDisplay} ${amount.symbol ?? amount.denomination ?? "unspecified asset"}`;
+}

package/dist/core/proposal/schemas.js

@@ -0,0 +1,208 @@
+import { validateMnemonic } from "@scure/bip39";
+import { wordlist as englishBip39Wordlist } from "@scure/bip39/wordlists/english.js";
+import { decodeSuiPrivateKey } from "@mysten/sui/cryptography";
+import { z } from "zod";
+import { suiAddressStringSchema } from "../suiAddress.js";
+import { EXTERNAL_PROPOSAL_CONTRACT_VERSION, PROPOSAL_REVIEW_MODEL_VERSION } from "./types.js";
+const isoUtcStringSchema = z.string().refine((value) => {
+    const parsed = new Date(value);
+    return !Number.isNaN(parsed.getTime()) && parsed.toISOString() === value;
+}, "Expected ISO 8601 UTC timestamp");
+const EXECUTABLE_MATERIAL_TEXT_PATTERN = /transaction\s*bytes?|transactionBytes|tx\s*bytes?|serialized\s*transaction|serializedTransaction|signed\s*transaction|signing\s*request|signingRequest|wallet\s*authorization|walletAuthorization|private\s*key|privateKey|secret\s*key|secretKey|seed\s*phrase|mnemonic|suiprivkey|signature|route[-_\s]*selected|routeSelectedPlan|bcs\s*transaction|programmable\s*transaction/i;
+const LONG_HEX_OR_BASE64LIKE_PAYLOAD_PATTERN = /(?:0x[0-9a-fA-F]{160,}|[A-Za-z0-9+/_=-]{160,})/;
+const SUI_PRIVATE_KEY_CANDIDATE_PATTERN = /suiprivkey1[023456789acdefghjklmnpqrstuvwxyz]+/gi;
+const RAW_SECRET_HEX_PATTERN = /(^|[^0-9a-fA-F])(?:0x)?[0-9a-fA-F]{64}($|[^0-9a-fA-F])/;
+const RAW_SECRET_BASE64_PATTERN = /(^|[^A-Za-z0-9+/_=-])(?:[A-Za-z0-9+/]{43}=|[A-Za-z0-9+/]{44}|[A-Za-z0-9_-]{43,44})($|[^A-Za-z0-9+/_=-])/;
+const POSITIVE_DECIMAL_DISPLAY_AMOUNT_PATTERN = /^(?:0|[1-9][0-9]*)(?:\.[0-9]+)?$/;
+const BIP39_WORD_COUNTS = [12, 15, 18, 21, 24];
+function proposalTextSchema(maxLength, fieldName, options = {}) {
+    return z.string().min(1).max(maxLength).superRefine((value, ctx) => {
+        if (EXECUTABLE_MATERIAL_TEXT_PATTERN.test(value) ||
+            LONG_HEX_OR_BASE64LIKE_PAYLOAD_PATTERN.test(value) ||
+            containsSuiPrivateKeyMaterial(value) ||
+            containsValidEnglishBip39Mnemonic(value) ||
+            (!options.allowRawSecretLikeText && containsRawSecretLikeText(value))) {
+            ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                message: `${fieldName} must not contain executable, signing, private-key, mnemonic, route-selected, or encoded secret-like material`
+            });
+        }
+    });
+}
+function identifierTextSchema(maxLength, fieldName) {
+    return proposalTextSchema(maxLength, fieldName, { allowRawSecretLikeText: true });
+}
+function containsSuiPrivateKeyMaterial(value) {
+    const matches = value.match(SUI_PRIVATE_KEY_CANDIDATE_PATTERN) ?? [];
+    return matches.some((candidate) => {
+        try {
+            decodeSuiPrivateKey(candidate.toLowerCase());
+            return true;
+        }
+        catch {
+            return candidate.toLowerCase().startsWith("suiprivkey1");
+        }
+    });
+}
+function containsValidEnglishBip39Mnemonic(value) {
+    const words = value
+        .normalize("NFKD")
+        .toLowerCase()
+        .replace(/[^a-z]+/g, " ")
+        .trim()
+        .split(/\s+/)
+        .filter(Boolean);
+    for (const wordCount of BIP39_WORD_COUNTS) {
+        if (words.length < wordCount) {
+            continue;
+        }
+        for (let index = 0; index <= words.length - wordCount; index += 1) {
+            if (validateMnemonic(words.slice(index, index + wordCount).join(" "), englishBip39Wordlist)) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+function containsRawSecretLikeText(value) {
+    return RAW_SECRET_HEX_PATTERN.test(value) || RAW_SECRET_BASE64_PATTERN.test(value);
+}
+const proposalDisplayAmountSchema = proposalTextSchema(80, "amountDisplay").refine((value) => POSITIVE_DECIMAL_DISPLAY_AMOUNT_PATTERN.test(value) &&
+    /[1-9]/.test(value), {
+    message: "Expected a positive decimal display amount"
+});
+const externalProposalSourceSchema = z.object({
+    kind: z.enum(["mcp_server", "ai_client", "user", "other"]),
+    name: proposalTextSchema(120, "source.name"),
+    reference: proposalTextSchema(256, "source.reference").optional()
+}).strict();
+const externalProposalPartySchema = z.object({
+    address: suiAddressStringSchema.optional(),
+    label: proposalTextSchema(120, "party.label").optional()
+}).strict().refine((party) => party.address !== undefined || party.label !== undefined, {
+    message: "Expected address or label"
+});
+const externalProposalAssetAmountSchema = z.object({
+    amountDisplay: proposalDisplayAmountSchema,
+    amountKind: z.literal("display_proposal").default("display_proposal"),
+    symbol: proposalTextSchema(64, "amount.symbol").optional(),
+    coinType: identifierTextSchema(512, "amount.coinType").optional(),
+    denomination: proposalTextSchema(64, "amount.denomination").optional()
+}).strict();
+const externalProposalActionTargetSchema = z.object({
+    packageId: identifierTextSchema(128, "action.target.packageId").optional(),
+    module: proposalTextSchema(128, "action.target.module").optional(),
+    function: proposalTextSchema(128, "action.target.function").optional(),
+    objectId: identifierTextSchema(128, "action.target.objectId").optional(),
+    label: proposalTextSchema(120, "action.target.label").optional()
+}).strict().refine((target) => target.packageId !== undefined ||
+    target.module !== undefined ||
+    target.function !== undefined ||
+    target.objectId !== undefined ||
+    target.label !== undefined, { message: "Expected at least one action target field" });
+const externalProposalAssetFlowItemSchema = z.object({
+    direction: z.enum(["outgoing", "expected_incoming", "fee"]),
+    amount: externalProposalAssetAmountSchema,
+    recipient: externalProposalPartySchema.optional(),
+    description: proposalTextSchema(512, "assetFlow.description").optional()
+}).strict();
+const externalProposalBaseSchema = z.object({
+    id: proposalTextSchema(120, "proposal.id"),
+    source: externalProposalSourceSchema,
+    network: z.literal("sui:mainnet"),
+    createdAt: isoUtcStringSchema,
+    expiresAt: isoUtcStringSchema.optional(),
+    purpose: proposalTextSchema(512, "purpose"),
+    assumptions: z.array(proposalTextSchema(512, "assumptions[]")).max(20).optional(),
+    requiredUserChoices: z.array(proposalTextSchema(512, "requiredUserChoices[]")).max(20).optional()
+}).strict();
+const externalPaymentProposalSchema = externalProposalBaseSchema.extend({
+    type: z.literal("payment"),
+    payment: z.object({
+        amount: externalProposalAssetAmountSchema,
+        recipient: externalProposalPartySchema,
+        target: proposalTextSchema(512, "payment.target").optional()
+    }).strict()
+}).strict();
+const externalSuiActionProposalSchema = externalProposalBaseSchema.extend({
+    type: z.literal("sui_action"),
+    action: z.object({
+        actionKind: proposalTextSchema(120, "action.actionKind"),
+        target: externalProposalActionTargetSchema,
+        recipient: externalProposalPartySchema.optional(),
+        assetFlow: z.array(externalProposalAssetFlowItemSchema).max(20).optional()
+    }).strict()
+}).strict();
+export const externalProposalSchema = z.discriminatedUnion("type", [
+    externalPaymentProposalSchema,
+    externalSuiActionProposalSchema
+]);
+const proposalReviewCheckSchema = z.object({
+    id: z.string(),
+    label: z.string(),
+    status: z.enum(["pass", "warning", "fail"]),
+    message: z.string(),
+    source: z.enum(["proposal", "adapter", "registry", "quote", "wallet", "simulation", "network"])
+}).strict();
+const proposalReviewGapSchema = z.object({
+    id: z.string(),
+    label: z.string(),
+    reason: z.string()
+}).strict();
+export const proposalReviewModelSchema = z.object({
+    modelVersion: z.literal(PROPOSAL_REVIEW_MODEL_VERSION),
+    contractVersion: z.literal(EXTERNAL_PROPOSAL_CONTRACT_VERSION),
+    proposalId: z.string(),
+    proposalType: z.enum(["payment", "sui_action"]),
+    proposalSource: externalProposalSourceSchema,
+    proposedAction: z.object({
+        kind: z.enum(["payment", "sui_action"]),
+        title: z.string(),
+        purpose: z.string(),
+        network: z.literal("sui:mainnet"),
+        recipient: externalProposalPartySchema.optional(),
+        target: z.union([z.string(), externalProposalActionTargetSchema]).optional()
+    }).strict(),
+    assetFlow: z.object({
+        outgoing: z.array(externalProposalAssetAmountSchema),
+        expectedIncoming: z.array(externalProposalAssetAmountSchema),
+        fees: z.array(externalProposalAssetAmountSchema)
+    }).strict(),
+    recipients: z.array(externalProposalPartySchema),
+    targets: z.array(z.union([z.string(), externalProposalActionTargetSchema])),
+    evidenceUsed: z.array(z.object({
+        id: z.string(),
+        label: z.string(),
+        source: z.enum(["external_proposal", "local_schema"]),
+        summary: z.string()
+    }).strict()),
+    missingEvidence: z.array(proposalReviewGapSchema),
+    requiredUserChoices: z.array(proposalReviewGapSchema),
+    unsupportedClaims: z.array(z.object({
+        id: z.string(),
+        label: z.string(),
+        reason: z.string()
+    }).strict()),
+    rejectedExecutableFields: z.array(z.object({
+        fieldName: z.string(),
+        reason: z.string()
+    }).strict()),
+    freshness: z.object({
+        proposalCreatedAt: isoUtcStringSchema,
+        proposalExpiresAt: isoUtcStringSchema.optional(),
+        evaluatedAt: isoUtcStringSchema,
+        status: z.enum(["current", "expired", "created_in_future", "expiry_not_provided"]),
+        reason: z.string()
+    }).strict(),
+    blockingChecks: z.array(proposalReviewCheckSchema),
+    nonSignableReason: z.object({
+        code: z.literal("external_proposal_review_only"),
+        message: z.string(),
+        blockedCapabilities: z.array(z.string())
+    }).strict()
+}).strict();
+export const externalProposalActionPlanDataSchema = z.object({
+    requestedIntent: externalProposalSchema,
+    implementationStatus: z.literal("read_only_review_only"),
+    contractVersion: z.literal(EXTERNAL_PROPOSAL_CONTRACT_VERSION)
+}).strict();