@stelis/say-ur-intent 0.0.3 → 0.0.5

package/README.md

@@ -115,15 +115,13 @@ It also includes:
 
 ## Current Limits
 
-### Not Implemented Yet (Deliberately Sequenced)
+### Not Implemented
 
-The items in this section are deliberately sequenced roadmap steps, not product
-refusals. Server-side receipt verification against chain state is not
-implemented yet. The full analysis page is not implemented yet. Transaction
-material build, contract emit, digest-gated wallet handoff, and user-controlled
-signing are implemented for the account-bound DeepBook swap review, which
-resolves its protocol through a plan-factory registry so further swap adapters
-attach the same way. External proposal execution is not implemented.
+Server-side receipt verification against chain state is not implemented. The
+full analysis page is not implemented. External proposal execution is not
+implemented. Transaction material build, contract emit, digest-gated wallet
+handoff, and user-controlled signing are implemented for the account-bound
+DeepBook and FlowX swap review through a plan-factory registry.
 
 External proposal ingestion is implemented only for read-only local review
 sessions. It accepts structured proposal facts, rejects forbidden executable or
@@ -305,6 +303,21 @@ AI client answer behavior must be mirrored in runtime-facing instructions, resou
 - `AGENTS.md`: root repository development contract and non-negotiable product boundaries for coding agents working on this codebase.
 - `docs/AGENT_DEVELOPMENT_POLICY.md`: detailed binding development, review, documentation, source-of-truth, and completion policies for coding agents.
 
+## Contract Name Registry
+
+The PTB visualization on the review page can show a registered Move Registry
+(MVR) package name in place of a raw package address (for example
+`@deepbook/core`), with a toggle back to the raw address and a copyable Mermaid
+source that keeps raw addresses. The name is a package identity label only, not a
+safety, trust, route-quality, or signing-readiness signal.
+
+If you maintain a Sui DeFi protocol that has a registered MVR name and want its
+package to display that name in the review graph, open a pull request adding your
+mainnet package address and MVR name to
+[`src/core/action/contractNameRegistry.ts`](src/core/action/contractNameRegistry.ts).
+Only packages listed in this registry are relabeled; every other package keeps
+its raw address.
+
 ## For Maintainers
 
 This section is for people operating releases, running smoke checks, changing runtime storage, or debugging startup. Normal users and MCP client users can stop at the documentation map above.

package/dist/core/action/contractNameRegistry.js

@@ -0,0 +1,42 @@
+import { mainnetPackageIds } from "@mysten/deepbook-v3";
+export const CONTRACT_NAME_REGISTRY = [
+    {
+        address: mainnetPackageIds.DEEPBOOK_PACKAGE_ID,
+        name: "@deepbook/core",
+        source: "deepbook_v3_sdk_mainnet_package_id"
+    }
+];
+/**
+ * Normalize a Sui address or package id to `0x` + 64 lowercase hex, or return
+ * undefined when the input is not a well-formed Sui address. Short forms are
+ * left-padded with zeros so different-width forms of the same address compare
+ * equal.
+ */
+function normalizeContractAddress(value) {
+    const lower = value.trim().toLowerCase();
+    const body = lower.startsWith("0x") ? lower.slice(2) : lower;
+    if (body.length === 0 || body.length > 64 || !/^[0-9a-f]+$/.test(body)) {
+        return undefined;
+    }
+    return `0x${body.padStart(64, "0")}`;
+}
+const NAME_BY_ADDRESS = new Map(CONTRACT_NAME_REGISTRY.flatMap((entry) => {
+    const normalized = normalizeContractAddress(entry.address);
+    return normalized === undefined ? [] : [[normalized, entry.name]];
+}));
+/**
+ * Replace every registered package address in PTB Mermaid label text with its
+ * registered name. Only exact normalized-address matches are replaced; unknown
+ * addresses are left unchanged. Mermaid node ids are synthetic (`command0`,
+ * `input0`, ...) and the package address only appears inside quoted label text,
+ * so the substitution cannot break the graph syntax.
+ */
+export function applyContractNamesToMermaid(mermaidText) {
+    let text = mermaidText;
+    for (const [address, name] of NAME_BY_ADDRESS) {
+        if (text.includes(address)) {
+            text = text.split(address).join(name);
+        }
+    }
+    return text;
+}

package/dist/core/action/ptbVisualizationProducer.js

@@ -1,5 +1,6 @@
 import { Transaction } from "@mysten/sui/transactions";
 import { rawTransactionToIR, transactionIRToMermaid } from "@zktx.io/ptb-model";
+import { applyContractNamesToMermaid } from "./contractNameRegistry.js";
 import { PTB_VISUALIZATION_CONTRACT_VERSION, PTB_VISUALIZATION_REQUIRED_UNSUPPORTED_USES, ptbVisualizationArtifactSchema } from "./signableAdapterContract.js";
 export const PTB_VISUALIZATION_RENDERER = {
     name: "transactionIRToMermaid",
@@ -44,7 +45,11 @@ export async function producePtbVisualizationArtifact(input) {
         },
         mermaid: {
             diagramType: "flowchart",
-            text: mermaidText
+            // text keeps raw package addresses (truth/audit and copyable source);
+            // namedText relabels registered packages with their Move Registry name for
+            // the default graph, with a review-page toggle back to raw addresses.
+            text: mermaidText,
+            namedText: applyContractNamesToMermaid(mermaidText)
         },
         diagnostics: [],
         unsupportedUse: [...PTB_VISUALIZATION_REQUIRED_UNSUPPORTED_USES],

package/dist/core/action/signableAdapterContract.js

@@ -975,7 +975,8 @@ export const ptbVisualizationArtifactSchema = z.object({
     }).strict(),
     mermaid: z.object({
         diagramType: z.literal("flowchart"),
-        text: displayTextWithoutExecutableMaterial(20_000, "mermaid.text")
+        text: displayTextWithoutExecutableMaterial(20_000, "mermaid.text"),
+        namedText: displayTextWithoutExecutableMaterial(20_000, "mermaid.namedText")
     }).strict(),
     diagnostics: z.array(z.object({
         severity: z.enum(["info", "warning", "error"]),

package/dist/core/activity/sqliteActivityStore.js

@@ -1,4 +1,4 @@
-import { mkdirSync } from "node:fs";
+import { chmodSync, mkdirSync } from "node:fs";
 import { homedir } from "node:os";
 import { dirname, resolve } from "node:path";
 import Database from "better-sqlite3";
@@ -7,6 +7,8 @@ import { parseLifecycleValidatedReviewState } from "../action/reviewStateValidat
 import { actionPlanSchema, executionResultSchema } from "../action/schemas.js";
 import { parseSuiAddress } from "../suiAddress.js";
 import { SqlitePreferencesRepository } from "../preferences/sqlitePreferencesRepository.js";
+import { SqliteTransactionMaterialStore } from "../session/sqliteTransactionMaterialStore.js";
+import { SqliteSessionRecordStore, SqlitePrivateReviewArtifactStore, createSqliteWalletIdentityRecordStore, createSqliteSettingsRecordStore } from "../session/sqliteSessionStore.js";
 import { SqliteLocalDataService } from "./localDataService.js";
 import { ActivityStoreReadError, REVIEW_ACTIVITY_DETAIL_MAX_ITEMS, REVIEW_ACTIVITY_LOW_SAMPLE_THRESHOLD } from "./activityStore.js";
 import { configureDatabase, initializeDatabase } from "./sqliteActivityStoreSchema.js";
@@ -16,13 +18,24 @@ export { ActivityStoreError };
 const ACTIVE_ACCOUNT_SINGLETON_ID = 1;
 export const DATA_DIR_ENV = "SAY_UR_INTENT_DATA_DIR";
 export const ACTIVITY_DATABASE_FILENAME = "say-ur-intent.sqlite";
+// Best-effort permission hardening. The owner-only data directory is the primary
+// protection; failures (e.g. on Windows, which ignores POSIX modes) are non-fatal.
+function restrictPathPermissions(path, mode) {
+    try {
+        chmodSync(path, mode);
+    }
+    catch {
+        // Non-fatal: the 0700 directory remains the primary protection.
+    }
+}
 export class SqliteActivityStore {
     db;
     validateAdapterLifecycle;
     constructor(options) {
         this.validateAdapterLifecycle = options.validateAdapterLifecycle;
+        const dataDirectory = dirname(options.databasePath);
         try {
-            mkdirSync(dirname(options.databasePath), { recursive: true });
+            mkdirSync(dataDirectory, { recursive: true, mode: 0o700 });
         }
         catch {
             throw new ActivityStoreError(`Could not create the local activity data directory. Check directory permissions or set ${DATA_DIR_ENV}.`);
@@ -36,6 +49,12 @@ export class SqliteActivityStore {
             this.db.close();
             throw error;
         }
+        // This database persists unsigned transaction material (Option B), so restrict it to
+        // the owner. The 0700 directory is the primary protection (it also covers the WAL/SHM
+        // sidecars and blocks other OS users); the 0600 file is belt-and-suspenders. Best-effort
+        // because some platforms (e.g. Windows) ignore POSIX modes.
+        restrictPathPermissions(dataDirectory, 0o700);
+        restrictPathPermissions(options.databasePath, 0o600);
     }
     async upsertAccount(address, source, now = new Date()) {
         return this.upsertAccountSync(address, source, now.toISOString());
@@ -613,6 +632,21 @@ export class SqliteActivityStore {
     createCoinMetadataCache() {
         return new SqliteCoinMetadataCache(this.db);
     }
+    createTransactionMaterialStore() {
+        return new SqliteTransactionMaterialStore(this.db);
+    }
+    createSessionRecordStore() {
+        return new SqliteSessionRecordStore(this.db);
+    }
+    createPrivateReviewArtifactStore() {
+        return new SqlitePrivateReviewArtifactStore(this.db);
+    }
+    createWalletIdentityRecordStore() {
+        return createSqliteWalletIdentityRecordStore(this.db);
+    }
+    createSettingsRecordStore() {
+        return createSqliteSettingsRecordStore(this.db);
+    }
     upsertAccountSync(address, source, timestamp) {
         const normalized = parseSuiAddress(address);
         if (!normalized) {

package/dist/core/activity/sqliteActivityStoreSchema.js

@@ -7,6 +7,9 @@ export function configureDatabase(db) {
     db.exec("PRAGMA journal_mode=WAL");
     db.exec("PRAGMA synchronous=NORMAL");
     db.exec("PRAGMA foreign_keys=ON");
+    // Multiple client processes share this database; wait instead of failing with
+    // SQLITE_BUSY when another process holds the write lock.
+    db.exec("PRAGMA busy_timeout=5000");
 }
 export function initializeDatabase(db) {
     const currentUserVersion = db.pragma("user_version", { simple: true });
@@ -159,6 +162,57 @@ export function initializeDatabase(db) {
       PRIMARY KEY (coin_type, chain_identifier)
     );
 
+  `);
+    // Live multi-client state (Option B): runtime session state lives in the shared
+    // database so any review-server process can serve any session. Added WITHOUT a
+    // DB_USER_VERSION bump — older runtimes ignore unknown tables, so a newer client can
+    // introduce them without breaking a concurrently-running older client.
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS live_transaction_materials (
+      material_id TEXT PRIMARY KEY,
+      review_session_id TEXT NOT NULL,
+      plan_id TEXT NOT NULL,
+      account TEXT NOT NULL,
+      kind TEXT NOT NULL,
+      source TEXT NOT NULL,
+      transaction_bytes BLOB NOT NULL,
+      redacted_diagnostics_json TEXT,
+      created_at TEXT NOT NULL,
+      expires_at TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_live_transaction_materials_session
+      ON live_transaction_materials(review_session_id);
+
+    CREATE TABLE IF NOT EXISTS live_review_sessions (
+      id TEXT PRIMARY KEY,
+      token_hash TEXT NOT NULL,
+      status TEXT NOT NULL,
+      account TEXT,
+      pending_handoff_digest TEXT,
+      plans_json TEXT NOT NULL,
+      review_state_json TEXT,
+      execution_result_json TEXT,
+      created_at TEXT NOT NULL,
+      expires_at TEXT NOT NULL,
+      last_activity_at TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS live_private_review_artifacts (
+      review_session_id TEXT PRIMARY KEY
+        REFERENCES live_review_sessions(id) ON DELETE CASCADE,
+      artifacts_json TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS live_wallet_identity_sessions (
+      id TEXT PRIMARY KEY,
+      session_json TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS live_settings_sessions (
+      id TEXT PRIMARY KEY,
+      session_json TEXT NOT NULL
+    );
   `);
     migrateDatabase(db, currentUserVersion);
     if (db.pragma("user_version", { simple: true }) !== DB_USER_VERSION) {

package/dist/core/session/keyedRecordStore.js

@@ -0,0 +1,18 @@
+export class InMemoryKeyedRecordStore {
+    records = new Map();
+    get(id) {
+        return this.records.get(id);
+    }
+    set(id, value) {
+        this.records.set(id, value);
+    }
+    delete(id) {
+        this.records.delete(id);
+    }
+    ids() {
+        return [...this.records.keys()];
+    }
+    clear() {
+        this.records.clear();
+    }
+}

package/dist/core/session/sessionRecordStore.js

@@ -0,0 +1,33 @@
+export class InMemorySessionRecordStore {
+    sessions = new Map();
+    get(id) {
+        return this.sessions.get(id);
+    }
+    set(id, session) {
+        this.sessions.set(id, session);
+    }
+    ids() {
+        return [...this.sessions.keys()];
+    }
+    clear() {
+        this.sessions.clear();
+    }
+    acquireHandoffLock(id, digest) {
+        const session = this.sessions.get(id);
+        if (!session) {
+            return false;
+        }
+        if (session.pendingHandoffDigest !== undefined && session.pendingHandoffDigest !== digest) {
+            return false;
+        }
+        session.pendingHandoffDigest = digest;
+        return true;
+    }
+    releaseHandoffLock(id) {
+        const session = this.sessions.get(id);
+        if (!session) {
+            return;
+        }
+        delete session.pendingHandoffDigest;
+    }
+}

package/dist/core/session/sessionStore.js

@@ -9,6 +9,7 @@ import { publicHumanReadableReviewFromEvidence } from "../action/humanReadableRe
 import { publicTransactionSimulationSummaryFromEvidence, verifyReviewTimeSimulationEvidence } from "../action/reviewTimeSimulationEvidence.js";
 import { verifySupportedHumanReadableReviewEvidence } from "../action/humanReadableReviewProjectionVerifier.js";
 import { InMemoryPrivateReviewArtifactStore } from "./privateReviewArtifacts.js";
+import { InMemorySessionRecordStore } from "./sessionRecordStore.js";
 import { isFinalSessionStatus } from "./status.js";
 import { parseSuiAddress } from "../suiAddress.js";
 import { cloneLocalSession, createLocalSessionBase, DEFAULT_SESSION_TTL_MS, isLocalSessionExpired, tokenMatchesHash } from "./localSession.js";
@@ -52,9 +53,9 @@ const ALLOWED_TRANSITIONS = {
     failure: [],
     expired: []
 };
-export class InMemorySessionStore {
-    sessions = new Map();
-    privateReviewArtifacts = new InMemoryPrivateReviewArtifactStore();
+export class LocalSessionStore {
+    sessions;
+    privateReviewArtifacts;
     walletIdentity;
     settings;
     ttlMs;
@@ -64,17 +65,21 @@ export class InMemorySessionStore {
     logger;
     validateAdapterLifecycle;
     constructor(options) {
+        this.sessions = options.sessions;
+        this.privateReviewArtifacts = options.artifacts;
         this.ttlMs = options.ttlMs ?? DEFAULT_SESSION_TTL_MS;
         this.walletIdentity = new WalletIdentitySessionManager({
             ttlMs: this.ttlMs,
             appendEventLog: (record) => this.appendEventLog(record),
             setActiveAccount: async (account, now, wallet) => {
                 await this.activityStore.setActiveAccount(account, "wallet_identity", now, wallet);
-            }
+            },
+            ...(options.walletIdentityStore ? { recordStore: options.walletIdentityStore } : {})
         });
         this.settings = new SettingsSessionManager({
             ttlMs: this.ttlMs,
-            appendEventLog: (record) => this.appendEventLog(record)
+            appendEventLog: (record) => this.appendEventLog(record),
+            ...(options.settingsStore ? { recordStore: options.settingsStore } : {})
         });
         this.eventLog = options.eventLog ?? new NullEventLogSink();
         this.activityStore = options.activityStore;
@@ -118,7 +123,7 @@ export class InMemorySessionStore {
     }
     async listReviewSessions(now = new Date()) {
         const sessions = [];
-        for (const id of this.sessions.keys()) {
+        for (const id of this.sessions.ids()) {
             const session = await this.getReviewSession(id, now);
             if (session) {
                 sessions.push(session);
@@ -450,8 +455,7 @@ export class InMemorySessionStore {
         if (!session || session.pendingHandoffDigest === undefined) {
             return;
         }
-        delete session.pendingHandoffDigest;
-        this.sessions.set(id, session);
+        this.sessions.releaseHandoffLock(id);
         await this.appendEventLog({
             type: "handoff.cancelled",
             sessionId: id,
@@ -512,8 +516,9 @@ export class InMemorySessionStore {
         // One-transaction lock: while a handoff is outstanding, state recomputes
         // are refused so a second, different transaction cannot be signed from
         // the same session. Cleared on result recording, cancel, or material expiry.
-        session.pendingHandoffDigest = contract.transactionMaterialCommitment;
-        this.sessions.set(id, session);
+        if (!this.sessions.acquireHandoffLock(id, contract.transactionMaterialCommitment)) {
+            throw new SessionStoreError("handoff_unavailable", "Another signing is already in progress for this review session");
+        }
         await this.appendEventLog({
             type: "handoff.prepared",
             sessionId: id,
@@ -528,7 +533,7 @@ export class InMemorySessionStore {
         };
     }
     async invalidateAllLocalSessions(reason, now = new Date()) {
-        for (const id of this.sessions.keys()) {
+        for (const id of this.sessions.ids()) {
             this.deleteReviewSessionTransactionMaterials(id);
         }
         this.sessions.clear();
@@ -753,6 +758,18 @@ export class InMemorySessionStore {
         return verifiedArtifacts;
     }
 }
+// In-memory session store: the orchestration above with Map-backed record and
+// artifact stores. Public name + constructor are unchanged so existing callers and
+// the session-store contract test keep working as the regression wall.
+export class InMemorySessionStore extends LocalSessionStore {
+    constructor(options) {
+        super({
+            ...options,
+            sessions: new InMemorySessionRecordStore(),
+            artifacts: new InMemoryPrivateReviewArtifactStore()
+        });
+    }
+}
 function assertPrivateDerivedReviewStateProjections(state, privateArtifacts) {
     for (const binding of PRIVATE_DERIVED_REVIEW_FIELD_BINDINGS) {
         const publicValue = binding.getPublicState(state);

package/dist/core/session/settingsSessions.js

@@ -1,9 +1,11 @@
 import { cloneLocalSession, createLocalSessionBase, isLocalSessionExpired, tokenMatchesHash } from "./localSession.js";
+import { InMemoryKeyedRecordStore } from "./keyedRecordStore.js";
 export class SettingsSessionManager {
     options;
-    sessions = new Map();
+    sessions;
     constructor(options) {
         this.options = options;
+        this.sessions = options.recordStore ?? new InMemoryKeyedRecordStore();
     }
     async create(now) {
         const { base, token } = createLocalSessionBase(now, this.options.ttlMs);

package/dist/core/session/sqliteSessionStore.js

@@ -0,0 +1,175 @@
+import { clonePrivateReviewArtifacts } from "./privateReviewArtifacts.js";
+import { walletIdentitySessionSchema } from "./walletIdentity.js";
+/**
+ * SQLite-backed live review-session records. Holds the same SessionRecordStore
+ * contract as the in-memory backend so the shared LocalSessionStore orchestration
+ * (and every security invariant) runs unchanged. The handoff lock is a single
+ * conditional UPDATE so two processes can never hand off two different transactions
+ * for the same session.
+ */
+export class SqliteSessionRecordStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    get(id) {
+        const row = this.db
+            .prepare(`SELECT * FROM live_review_sessions WHERE id = ?`)
+            .get(id);
+        return row ? sessionFromRow(row) : undefined;
+    }
+    set(id, session) {
+        this.db
+            .prepare(`INSERT INTO live_review_sessions
+           (id, token_hash, status, account, pending_handoff_digest,
+            plans_json, review_state_json, execution_result_json,
+            created_at, expires_at, last_activity_at)
+         VALUES
+           (@id, @tokenHash, @status, @account, @pendingHandoffDigest,
+            @plansJson, @reviewStateJson, @executionResultJson,
+            @createdAt, @expiresAt, @lastActivityAt)
+         ON CONFLICT(id) DO UPDATE SET
+           token_hash = excluded.token_hash,
+           status = excluded.status,
+           account = excluded.account,
+           pending_handoff_digest = excluded.pending_handoff_digest,
+           plans_json = excluded.plans_json,
+           review_state_json = excluded.review_state_json,
+           execution_result_json = excluded.execution_result_json,
+           created_at = excluded.created_at,
+           expires_at = excluded.expires_at,
+           last_activity_at = excluded.last_activity_at`)
+            .run({
+            id: session.id,
+            tokenHash: session.tokenHash,
+            status: session.status,
+            account: session.account ?? null,
+            pendingHandoffDigest: session.pendingHandoffDigest ?? null,
+            plansJson: JSON.stringify(session.plans),
+            reviewStateJson: session.reviewState ? JSON.stringify(session.reviewState) : null,
+            executionResultJson: session.executionResult ? JSON.stringify(session.executionResult) : null,
+            createdAt: session.createdAt,
+            expiresAt: session.expiresAt,
+            lastActivityAt: session.lastActivityAt
+        });
+    }
+    ids() {
+        const rows = this.db.prepare(`SELECT id FROM live_review_sessions`).all();
+        return rows.map((row) => row.id);
+    }
+    clear() {
+        this.db.prepare(`DELETE FROM live_review_sessions`).run();
+    }
+    acquireHandoffLock(id, digest) {
+        // Atomic across processes: claim the lock only when it is free or already held
+        // by the same digest. A different in-flight digest leaves the row untouched.
+        const result = this.db
+            .prepare(`UPDATE live_review_sessions
+         SET pending_handoff_digest = ?
+         WHERE id = ? AND (pending_handoff_digest IS NULL OR pending_handoff_digest = ?)`)
+            .run(digest, id, digest);
+        return result.changes > 0;
+    }
+    releaseHandoffLock(id) {
+        this.db
+            .prepare(`UPDATE live_review_sessions SET pending_handoff_digest = NULL WHERE id = ?`)
+            .run(id);
+    }
+}
+export class SqlitePrivateReviewArtifactStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    get(reviewSessionId) {
+        const row = this.db
+            .prepare(`SELECT artifacts_json FROM live_private_review_artifacts WHERE review_session_id = ?`)
+            .get(reviewSessionId);
+        if (!row) {
+            return undefined;
+        }
+        // clonePrivateReviewArtifacts re-parses/validates the evidence on read, matching
+        // the in-memory store's clone-on-read behaviour.
+        return clonePrivateReviewArtifacts(JSON.parse(row.artifacts_json));
+    }
+    set(reviewSessionId, artifacts) {
+        const json = JSON.stringify(clonePrivateReviewArtifacts(artifacts));
+        this.db
+            .prepare(`INSERT INTO live_private_review_artifacts (review_session_id, artifacts_json)
+         VALUES (?, ?)
+         ON CONFLICT(review_session_id) DO UPDATE SET artifacts_json = excluded.artifacts_json`)
+            .run(reviewSessionId, json);
+    }
+    delete(reviewSessionId) {
+        this.db.prepare(`DELETE FROM live_private_review_artifacts WHERE review_session_id = ?`).run(reviewSessionId);
+    }
+    clear() {
+        this.db.prepare(`DELETE FROM live_private_review_artifacts`).run();
+    }
+}
+/**
+ * SQLite-backed id-keyed store for the short-lived wallet-identity and settings
+ * session managers. Each record is a JSON blob keyed by id; the table name is a
+ * trusted constant supplied by the factories below (never user input).
+ */
+export class SqliteKeyedRecordStore {
+    db;
+    table;
+    revive;
+    constructor(db, table, revive) {
+        this.db = db;
+        this.table = table;
+        this.revive = revive;
+    }
+    get(id) {
+        const row = this.db
+            .prepare(`SELECT session_json FROM ${this.table} WHERE id = ?`)
+            .get(id);
+        return row ? this.revive(JSON.parse(row.session_json)) : undefined;
+    }
+    set(id, value) {
+        this.db
+            .prepare(`INSERT INTO ${this.table} (id, session_json) VALUES (?, ?)
+         ON CONFLICT(id) DO UPDATE SET session_json = excluded.session_json`)
+            .run(id, JSON.stringify(value));
+    }
+    delete(id) {
+        this.db.prepare(`DELETE FROM ${this.table} WHERE id = ?`).run(id);
+    }
+    ids() {
+        const rows = this.db.prepare(`SELECT id FROM ${this.table}`).all();
+        return rows.map((row) => row.id);
+    }
+    clear() {
+        this.db.prepare(`DELETE FROM ${this.table}`).run();
+    }
+}
+export function createSqliteWalletIdentityRecordStore(db) {
+    return new SqliteKeyedRecordStore(db, "live_wallet_identity_sessions", (raw) => walletIdentitySessionSchema.parse(raw));
+}
+export function createSqliteSettingsRecordStore(db) {
+    return new SqliteKeyedRecordStore(db, "live_settings_sessions", (raw) => raw);
+}
+// Reconstruct the ReviewSession from columns + JSON blobs. Optional fields are
+// omitted (not set to undefined) so the shape matches the in-memory store exactly.
+function sessionFromRow(row) {
+    return {
+        id: row.id,
+        tokenHash: row.token_hash,
+        status: row.status,
+        createdAt: row.created_at,
+        expiresAt: row.expires_at,
+        lastActivityAt: row.last_activity_at,
+        plans: JSON.parse(row.plans_json),
+        ...(row.account === null ? {} : { account: row.account }),
+        ...(row.review_state_json === null
+            ? {}
+            : { reviewState: JSON.parse(row.review_state_json) }),
+        ...(row.execution_result_json === null
+            ? {}
+            : { executionResult: JSON.parse(row.execution_result_json) }),
+        ...(row.pending_handoff_digest === null
+            ? {}
+            : { pendingHandoffDigest: row.pending_handoff_digest })
+    };
+}

package/dist/core/session/sqliteTransactionMaterialStore.js

@@ -0,0 +1,64 @@
+import { buildTransactionMaterialRecord, sameHandle, toMaterialHandle } from "./transactionMaterialStore.js";
+/**
+ * SQLite-backed transaction material store. Holds the same synchronous contract as
+ * InMemoryLocalTransactionMaterialStore so producers and the wallet handoff path are
+ * unchanged, but persists records (including the unsigned transaction BLOB) to the
+ * shared local database so any review-server process can read them. Validation,
+ * handle identity, and expiry semantics are shared via transactionMaterialStore.ts,
+ * so the two backends never drift. The unsigned bytes are protected at rest by the
+ * data directory (0700) and database file (0600) permissions set in SqliteActivityStore.
+ */
+export class SqliteTransactionMaterialStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    recordTransactionMaterial(input, now = new Date()) {
+        const record = buildTransactionMaterialRecord(input, now);
+        this.db
+            .prepare(`INSERT INTO live_transaction_materials
+           (material_id, review_session_id, plan_id, account, kind, source,
+            transaction_bytes, redacted_diagnostics_json, created_at, expires_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(record.materialId, record.reviewSessionId, record.planId, record.account, record.kind, record.source, Buffer.from(record.transactionBytes), record.redactedDiagnostics === undefined ? null : JSON.stringify(record.redactedDiagnostics), record.createdAt, record.expiresAt);
+        return toMaterialHandle(record);
+    }
+    getTransactionMaterial(handle, now = new Date()) {
+        const row = this.db
+            .prepare(`SELECT * FROM live_transaction_materials WHERE material_id = ?`)
+            .get(handle.materialId);
+        if (!row) {
+            return undefined;
+        }
+        if (Date.parse(row.expires_at) <= now.getTime()) {
+            this.db.prepare(`DELETE FROM live_transaction_materials WHERE material_id = ?`).run(handle.materialId);
+            return undefined;
+        }
+        const record = recordFromRow(row);
+        if (!sameHandle(record, handle)) {
+            return undefined;
+        }
+        return record;
+    }
+    deleteReviewSessionTransactionMaterials(reviewSessionId) {
+        this.db.prepare(`DELETE FROM live_transaction_materials WHERE review_session_id = ?`).run(reviewSessionId);
+    }
+}
+// Each read rebuilds a fresh record (new Uint8Array from the BLOB, parsed
+// diagnostics) so a caller mutating the result never touches the stored row.
+function recordFromRow(row) {
+    return {
+        materialId: row.material_id,
+        reviewSessionId: row.review_session_id,
+        planId: row.plan_id,
+        account: row.account,
+        kind: row.kind,
+        source: row.source,
+        createdAt: row.created_at,
+        expiresAt: row.expires_at,
+        transactionBytes: new Uint8Array(row.transaction_bytes),
+        ...(row.redacted_diagnostics_json == null
+            ? {}
+            : { redactedDiagnostics: JSON.parse(row.redacted_diagnostics_json) })
+    };
+}