@stelis/say-ur-intent 0.0.3 → 0.0.5

package/dist/runtime/reviewServerAcquire.js

@@ -1,75 +1,88 @@
+const DEFAULT_REACQUIRE_INTERVAL_MS = 3000;
 function errorCode(error) {
     return typeof error === "object" && error !== null
         ? error.code
         : undefined;
 }
-/**
- * Bind the review server to its fixed port, taking the port over from a previous
- * instance of our own review server if necessary.
- *
- * Safety: the holder is positively identified over loopback before any signal is
- * sent. A process that is not our review server is never signalled; a same-name
- * instance owned by another OS user surfaces a clear error rather than a kill.
- * The port is never silently reassigned, so the wallet autoconnect origin stays
- * stable.
- */
-export async function startReviewServerWithTakeover(start, port, deps) {
+// Bind the port: returns the server on success, undefined when the port is already
+// in use, and rethrows any other (non-EADDRINUSE) startup error.
+async function tryStart(start, port) {
     try {
         return await start(port);
     }
     catch (error) {
-        if (errorCode(error) !== "EADDRINUSE") {
-            throw error;
-        }
-        const holder = await deps.probeIdentity(port);
-        if (!holder || holder.service !== deps.serviceName) {
-            throw new Error(`Review server port ${port} is already in use by a process that is not a ${deps.serviceName} review server. ` +
-                `Set SAY_UR_INTENT_REVIEW_PORT to a free port. The port is not reassigned automatically so the wallet autoconnect origin stays stable.`);
+        if (errorCode(error) === "EADDRINUSE") {
+            return undefined;
         }
-        if (holder.pid === deps.currentPid) {
-            // We appear to hold the port ourselves yet cannot bind it. Never signal
-            // our own process; surface the original bind error.
-            throw error;
-        }
-        deps.logger.info("review port held by a previous say-ur-intent instance; taking it over", {
-            port,
-            previousPid: holder.pid
-        });
-        const terminated = deps.terminate(holder.pid);
-        if (!terminated.ok) {
-            if (terminated.reason === "no_permission") {
-                throw new Error(`Review server port ${port} is held by a ${deps.serviceName} instance owned by another OS user; cannot take it over. ` +
-                    `Set SAY_UR_INTENT_REVIEW_PORT to a free port for this client.`);
+        throw error;
+    }
+}
+/**
+ * Bind the review server to its fixed port, or defer to a healthy peer already
+ * serving it.
+ *
+ * - Port free → bind and own the single review origin.
+ * - Port held by a separate healthy instance of our review server → defer (run no
+ *   local server; the peer serves the shared database for every client) and watch for
+ *   the owner to exit, then take the origin over. No process is ever signalled.
+ * - Port held by anything else (foreign, no identity answer, or our own pid) → clear
+ *   error; the origin is never silently reassigned.
+ */
+export async function startOrDeferReviewServer(start, port, deps) {
+    const owned = await tryStart(start, port);
+    if (owned) {
+        deps.logger.info("review server bound; owning the review origin", { port });
+        return { deferred: false, close: () => owned.close() };
+    }
+    const holder = await deps.probeIdentity(port);
+    if (!holder || holder.service !== deps.serviceName || holder.pid === deps.currentPid) {
+        throw new Error(`Review server port ${port} is already in use by a process that is not a separate ${deps.serviceName} review server. ` +
+            `Set SAY_UR_INTENT_REVIEW_PORT to a free port. The port is not reassigned automatically so the wallet autoconnect origin stays stable.`);
+    }
+    deps.logger.info("review port owned by a healthy peer; deferring and watching for takeover", {
+        port,
+        ownerPid: holder.pid,
+        ...(holder.version ? { ownerVersion: holder.version } : {})
+    });
+    const reacquireIntervalMs = deps.reacquireIntervalMs ?? DEFAULT_REACQUIRE_INTERVAL_MS;
+    let stopped = false;
+    let acquired;
+    const watch = (async () => {
+        while (!stopped && !acquired) {
+            await deps.delay(reacquireIntervalMs);
+            if (stopped || acquired) {
+                break;
             }
-            if (terminated.reason === "error") {
-                throw new Error(`Failed to stop the ${deps.serviceName} instance holding review port ${port}: ${terminated.message ?? "unknown error"}.`);
+            const next = await tryStart(start, port);
+            if (!next) {
+                continue; // a peer still owns the port; keep deferring
             }
-            // not_found: the holder already exited between probe and signal; fall
-            // through and rebind.
-        }
-        const waitForReleaseMs = deps.waitForReleaseMs ?? 3000;
-        const pollIntervalMs = deps.pollIntervalMs ?? 100;
-        const attempts = Math.max(1, Math.ceil(waitForReleaseMs / pollIntervalMs));
-        for (let attempt = 0; attempt < attempts; attempt++) {
-            await deps.delay(pollIntervalMs);
-            try {
-                return await start(port);
+            if (stopped) {
+                await next.close();
+                break;
             }
-            catch (retryError) {
-                if (errorCode(retryError) !== "EADDRINUSE") {
-                    throw retryError;
-                }
+            acquired = next;
+            deps.logger.info("acquired review port after the previous owner exited", { port });
+        }
+    })();
+    watch.catch(() => undefined);
+    return {
+        deferred: true,
+        close: async () => {
+            // Stop watching; the loop's stopped-check closes any bind that lands in-flight,
+            // so we never await the (possibly mid-delay) watch loop here.
+            stopped = true;
+            if (acquired) {
+                await acquired.close();
             }
         }
-        throw new Error(`Review server port ${port} did not become free after stopping the previous ${deps.serviceName} instance (pid ${holder.pid}). ` +
-            `Set SAY_UR_INTENT_REVIEW_PORT to a free port.`);
-    }
+    };
 }
 /**
- * Ask whatever is listening on the loopback review port to identify itself. Only
- * our own review server answers `/__identity`; any other process either returns
- * something else or does not answer, and we report it as "not ours" so the
- * caller never signals it.
+ * Ask whatever is listening on the loopback review port to identify itself. Only our
+ * own review server answers `/__identity`; any other process either returns something
+ * else or does not answer, and we report it as "not ours" so the caller never defers
+ * to it.
  */
 export async function probeReviewServerIdentity(port, host = "127.0.0.1", timeoutMs = 1000) {
     try {
@@ -100,29 +113,3 @@ export async function probeReviewServerIdentity(port, host = "127.0.0.1", timeou
         return null;
     }
 }
-/**
- * Gracefully signal a same-user process. SIGTERM lets the previous instance run
- * its own shutdown handler (close the review server and database, then exit).
- * Killing another OS user's process fails with EPERM, which we report instead of
- * escalating.
- */
-export function terminateProcessByPid(pid) {
-    try {
-        process.kill(pid, "SIGTERM");
-        return { ok: true };
-    }
-    catch (error) {
-        const code = errorCode(error);
-        if (code === "ESRCH") {
-            return { ok: false, reason: "not_found" };
-        }
-        if (code === "EPERM") {
-            return { ok: false, reason: "no_permission" };
-        }
-        return {
-            ok: false,
-            reason: "error",
-            message: error instanceof Error ? error.message : String(error)
-        };
-    }
-}

package/dist/runtime/smokeMainnetRead.js

@@ -9,11 +9,10 @@ import { validateSupportedAdapterLifecycle } from "../adapters/adapterLifecycleV
 import { SqliteActivityStore } from "../core/activity/sqliteActivityStore.js";
 import { TransactionActivityService } from "../core/activity/transactionActivityService.js";
 import { createSuiReadService } from "../core/read/readService.js";
-import { InMemorySessionStore } from "../core/session/sessionStore.js";
+import { LocalSessionStore } from "../core/session/sessionStore.js";
 import { createMcpServer } from "../mcp/server.js";
 import { TOOL_NAMES } from "../mcp/toolNames.js";
 import { createReviewHttpServer } from "../review-server/server.js";
-import { InMemoryLocalTransactionMaterialStore } from "../core/session/transactionMaterialStore.js";
 import { buildSupportedReviewAdapters } from "../adapters/reviewAdapters.js";
 import { createDeepbookSwapTransactionMaterialDigestProducer, createDeepbookSwapTransactionMaterialProducer } from "../adapters/deepbook/deepbookTransactionMaterialProducer.js";
 import { createDeepbookSwapHumanReadableReviewProducer } from "../adapters/deepbook/deepbookHumanReviewProducer.js";
@@ -121,11 +120,15 @@ async function main() {
             chainIdentifier,
             coinMetadataCache: activityStore.createCoinMetadataCache()
         });
-        const transactionMaterialStore = new InMemoryLocalTransactionMaterialStore();
-        const sessions = new InMemorySessionStore({
+        const transactionMaterialStore = activityStore.createTransactionMaterialStore();
+        const sessions = new LocalSessionStore({
             activityStore,
             logger,
-            validateAdapterLifecycle: validateSupportedAdapterLifecycle
+            validateAdapterLifecycle: validateSupportedAdapterLifecycle,
+            sessions: activityStore.createSessionRecordStore(),
+            artifacts: activityStore.createPrivateReviewArtifactStore(),
+            walletIdentityStore: activityStore.createWalletIdentityRecordStore(),
+            settingsStore: activityStore.createSettingsRecordStore()
         });
         reviewServer = await createReviewHttpServer({
             host: config.reviewHost,

package/dist/runtime/start.js

@@ -15,13 +15,12 @@ import { createSuiReadService } from "../core/read/readService.js";
 import { createTransactionObjectOwnershipProducer } from "../core/action/transactionObjectOwnershipProducer.js";
 import { createReviewTimeSimulationProducer } from "../core/action/reviewTimeSimulationEvidence.js";
 import { producePtbVisualizationArtifact } from "../core/action/ptbVisualizationProducer.js";
-import { InMemoryLocalTransactionMaterialStore } from "../core/session/transactionMaterialStore.js";
-import { InMemorySessionStore } from "../core/session/sessionStore.js";
+import { LocalSessionStore } from "../core/session/sessionStore.js";
 import { createMcpServer, startMcp } from "../mcp/server.js";
 import { SERVER_NAME, SERVER_NETWORK, SERVER_VERSION } from "../mcp/serverInfo.js";
 import { createReviewHttpServer } from "../review-server/server.js";
 import { DEFAULT_SUI_GRAPHQL_URL, DEFAULT_SUI_GRPC_URL, composeRuntimeConfig, loadBootConfig } from "./config.js";
-import { probeReviewServerIdentity, startReviewServerWithTakeover, terminateProcessByPid } from "./reviewServerAcquire.js";
+import { probeReviewServerIdentity, startOrDeferReviewServer } from "./reviewServerAcquire.js";
 import { RuntimeLocalSettingsService } from "./localSettingsService.js";
 import { createStderrLogger } from "./logger.js";
 import { SuiEndpointError, verifyMainnetGraphqlEndpoint, verifyMainnetGrpcEndpoint } from "./suiEndpoint.js";
@@ -81,12 +80,16 @@ async function main() {
                 });
             }
         });
-        const transactionMaterialStore = new InMemoryLocalTransactionMaterialStore();
-        const sessions = new InMemorySessionStore({
+        const transactionMaterialStore = store.createTransactionMaterialStore();
+        const sessions = new LocalSessionStore({
             activityStore: store,
             transactionMaterialStore,
             logger,
-            validateAdapterLifecycle: validateSupportedAdapterLifecycle
+            validateAdapterLifecycle: validateSupportedAdapterLifecycle,
+            sessions: store.createSessionRecordStore(),
+            artifacts: store.createPrivateReviewArtifactStore(),
+            walletIdentityStore: store.createWalletIdentityRecordStore(),
+            settingsStore: store.createSettingsRecordStore()
         });
         const readService = createSuiReadService({
             client: suiClient,
@@ -169,22 +172,19 @@ async function main() {
                 network: SERVER_NETWORK
             }
         });
-        // The review origin is a single-port singleton: the newest instance takes
-        // the fixed port over from a previous instance of our own review server so
-        // the most recently started client owns the one wallet-autoconnect origin.
-        const reviewServer = await startReviewServerWithTakeover((port) => reviewServerFactory.start(port), config.reviewPort, {
+        // The review origin is a single-port singleton shared through the local database:
+        // whichever process owns the fixed port serves every client. A second instance
+        // defers to a healthy peer (no signals, no port war) and takes the origin over
+        // only if that peer exits.
+        const reviewServer = await startOrDeferReviewServer((port) => reviewServerFactory.start(port), config.reviewPort, {
             probeIdentity: (probePort) => probeReviewServerIdentity(probePort, config.reviewHost),
-            terminate: terminateProcessByPid,
             delay: (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
             currentPid: process.pid,
             serviceName: SERVER_NAME,
             logger
         });
         reviewServerForCleanup = reviewServer;
-        logger.info("review server started", {
-            host: reviewServer.host,
-            port: reviewServer.port
-        });
+        logger.info(reviewServer.deferred ? "review server deferring to a healthy peer on the shared origin" : "review server started", { host: config.reviewHost, port: config.reviewPort, deferred: reviewServer.deferred });
         let shuttingDown = false;
         const shutdown = async (signal) => {
             logger.info("shutdown requested", { signal });
@@ -236,7 +236,7 @@ async function main() {
             promptSurfaces: ADAPTER_PROMPT_SURFACES,
             sessions,
             activityStore: store,
-            reviewBaseUrl: `http://${reviewServer.host}:${reviewServer.port}`,
+            reviewBaseUrl: `http://${config.reviewHost}:${config.reviewPort}`,
             readService,
             transactionActivityService: new TransactionActivityService({
                 activityStore: store,

package/docs/AGENT_BEHAVIOR.md

@@ -15,11 +15,11 @@ It is not the contributor rulebook and it is not enforcement. Development rules
 | External proposal review sessions | Non-signable review in the current release | `action.prepare_external_proposal_review` can create a review URL from a structured external payment or Sui action proposal. Treat the proposal as untrusted display and review context only. It does not build, verify, simulate, sign, or execute transaction material. |
 | Wallet signing | User-controlled on the local review page | MCP tools do not return signing readiness, signing data, or executable transaction bytes. Signing and execution happen only in the user's wallet from the local review page after the digest-gated handoff; results are recorded as execution receipts keyed by the review session. |
 | PTB visualization | Rendered with emitted wallet review contracts | `reviewState.ptbVisualization` can accompany an emitted wallet review contract as a Mermaid flowchart of the stored local transaction shape. Treat it as visualization evidence only, not transaction-building input, wallet authorization, signing data, signing readiness, payment execution readiness, or route recommendation. |
-| Transaction material build, wallet execution, fiat cash-out, and P&L | Partly implemented for DeepBook review; execution unsupported | Account-bound DeepBook swap review can build local unsigned transaction material that remains internal to the review server, internally bind a Sui transaction digest to that stored material, project human-readable review facts from material-bound quote policy and object ownership evidence, and summarize review-time simulation of the stored material. Wallet signature requests and execution remain unavailable; the byte handoff is gated on recomputed-digest equality with the reviewed contract. Fiat cash-out, P&L, tax, and cost-basis support are not part of the current release. |
+| Transaction material build, wallet execution, fiat cash-out, and P&L | Material build and review evidence implemented for DeepBook and FlowX swap review; MCP signing and execution out of scope; fiat cash-out and P&L out of scope | Account-bound DeepBook and FlowX swap review can build local unsigned transaction material that remains internal to the review server, internally bind a Sui transaction digest to that stored material, project human-readable review facts from material-bound quote policy and object ownership evidence, and summarize review-time simulation of the stored material. The MCP layer does not request wallet signatures, execute, or return transaction bytes; wallet signing and execution happen only in the user's wallet from the local review page after the digest-gated byte handoff, which is gated on recomputed-digest equality with the reviewed contract. Fiat cash-out, P&L, tax, and cost-basis are out of scope. |
 | Private-key custody, autonomous trading, fiat USD peg claims, and quote-only coverage or readiness claims | Unsupported safety and correctness boundary | Do not custody funds, hold private keys, or autonomously trade. Do not treat settlement assets as fiat USD, bank cash-out amounts, or peg guarantees. Do not turn quote-only conversion candidates into payment coverage, funding readiness, payment execution readiness, or signing readiness. |
 | Silent settlement-token selection and route ranking | Out of scope by current design | Do not silently choose USDC, USDT, or another settlement token for the user. Do not rank venues, choose routes, or make best-price recommendations. |
 | Other chains, autonomous trading, alerts, arbitrary Move calls, investment advice | Unsupported | Say the request is unsupported and redirect to available Sui mainnet read or review capabilities. |
-| Payment execution | Not yet available in the current release (sequenced later) | Intent evidence is separate from execution and does not build or execute payments. Do not describe payment execution as available until a reviewed implementation and response-local guidance exist. |
+| Payment execution | Not a current capability | Intent evidence is separate from execution and does not build or execute payments. Do not describe payment execution as available. |
 | Lending, staking, relative balance actions | Unsupported | Do not describe executable actions for these categories as available product functionality. |
 
 ## Meta Principles

package/docs/FRONTEND_POLICY.md

@@ -118,6 +118,11 @@ Review checks are generally details. Failed checks and warning checks that deter
 If the server returns a `PtbVisualizationArtifact`, the frontend may render only
 Mermaid flowchart text plus diagnostics. The panel must show the generated time,
 source, diagnostics, and unsupported-use boundary when those fields are present.
+The Mermaid graph may show a registered Move Registry package name in place of a
+registered package address, with a control to switch back to raw addresses and a
+copyable Mermaid source that keeps raw addresses; that name is a package identity
+label, not a safety, trust, route-quality, or signing-readiness signal, and any
+package that is not registered keeps its raw address.
 It must not store or render executable transaction material, wallet signature
 requests, private-key material, or arbitrary Move calls. A PTB graph is not a
 sign action, not a transaction-building action, not a wallet readiness signal,
@@ -139,7 +144,12 @@ wallet review contract, a connected wallet whose account equals the reviewed
 account, and a successful digest-gated handoff. The signing step shows no wallet picker:
 dapp-kit autoconnect restores the wallet recorded for the active account on the
 fixed-port origin, and the sign action stays gated on the connected account
-matching the reviewed account. While a handoff is outstanding the server locks the session
+matching the reviewed account. When autoconnect cannot establish a connection -
+for example after a reload or in a new tab, or for a hardware signer whose
+device session is not restored automatically - the signing step may offer a
+targeted reconnect for the one recorded wallet. That reconnect is not a wallet
+picker: it resumes the recorded wallet's signer session, and the sign action
+stays gated on the connected account matching the reviewed account. While a handoff is outstanding the server locks the session
 (state recomputes are refused) and the page shows a signing-in-progress state
 whose only action is cancel. Other states render:
 
@@ -210,7 +220,7 @@ Wallet and review screens must be keyboard reachable and screen-reader labeled.
 
 Native push notifications are out of scope. A frontend may use low-authority browser affordances such as document title changes for off-tab terminal results, but only after server status changes.
 
-Each session URL represents one independent tab surface. Cross-tab state sharing is out of scope unless a shared local store is explicitly designed.
+Each session URL represents one independent tab surface. Cross-tab state sharing is out of scope unless a shared local store is explicitly designed. That shared local store is now explicitly designed — the shared SQLite database (see docs/LOCAL_DB_ARCHITECTURE.md) — so live review and session state is shared across local clients through it, while the frontend still does not share state directly between browser tabs.
 
 ## Out Of Scope
 

package/docs/LOCAL_DB_ARCHITECTURE.md

@@ -1,6 +1,6 @@
 # Local DB Architecture
 
-Say Ur Intent uses a local SQLite database for durable product state that must survive MCP server restarts. The database stores account read context, Say Ur Intent review activity evidence, and user-requested bounded Sui activity facts. It is not a custody store, wallet authorization store, background indexer, complete wallet-history store, or raw transaction archive.
+Say Ur Intent uses a local SQLite database for durable product state that must survive MCP server restarts. The database stores account read context, Say Ur Intent review activity evidence, live review and session state shared across local AI clients, and user-requested bounded Sui activity facts. It is not a custody store, wallet authorization store, background indexer, complete wallet-history store, or raw transaction archive.
 
 This document is for maintainers and contributors who change local state, import/export behavior, activity queries, or review evidence storage. Product users normally need only the README and `docs/MCP_SETUP.md`.
 
@@ -53,6 +53,15 @@ WAL mode can create companion files next to the main database, such as `say-ur-i
 - `local_settings`: allowlisted local settings. The current key set is `suiGrpcUrl` and `suiGraphqlUrl`, stored as JSON-encoded text and applied after restart.
 - `coin_metadata_cache`: account-independent positive cache for Sui coin metadata used only to format wallet balance display amounts. Rows are keyed by normalized coin type and verified mainnet chain identifier, expire after 24 hours, and are excluded from local data export/import. Read or write failures for this cache block affected wallet unit reads with `metadata_cache_unavailable`; they are not reported as unavailable token decimals.
 
+The following live session tables hold runtime session state in the shared database so any one review server can serve a session another client created (see [Shared single-origin review server](#shared-single-origin-review-server)):
+
+- `live_review_sessions`: the live review session record — status, bound account, the pending wallet-handoff lock, the plan / review-state / execution-result JSON, and timestamps — keyed by session id.
+- `live_private_review_artifacts`: per-session private review evidence (the transaction-material handle, its digest commitment, and derived evidence), cascade-deleted with its review session.
+- `live_transaction_materials`: locally built unsigned transaction bytes stored as a BLOB behind a redacted handle, with a TTL; deleted on signing, terminal result, or expiry.
+- `live_wallet_identity_sessions` and `live_settings_sessions`: the short-lived wallet-identity and settings capture sessions, stored as validated JSON keyed by session id.
+
+These live tables are distinct from the append-only review evidence tables above: the evidence tables remain the durable activity/audit record, while the live tables hold the in-flight session state that the review server serves.
+
 Database columns use snake_case. MCP and HTTP JSON fields use camelCase, so the database `review_session_id` column stores the same review-session identity exposed as `reviewSessionId` in API responses.
 
 Table relationships:
@@ -72,6 +81,20 @@ Logical local data reset is the local settings page action that clears stored pr
 
 Non-terminal review session expiry is recorded lazily when the session is read or mutated after its TTL. There is no background expiry worker.
 
+## Shared single-origin review server
+
+All live session state lives in this one shared database, so multiple local AI clients (for example Claude and Codex running at the same time) share it. Exactly one process binds the fixed review port and serves every client's review pages from the shared database. A second client's MCP does not take the port over; it defers to that healthy peer and takes the origin over only if the owner exits. Because whichever process owns the port reads and writes the same session rows, a review created by one client is servable by the review server of another, and the single fixed origin keeps the browser wallet autoconnect stable.
+
+Cross-process writes rely on WAL plus `PRAGMA busy_timeout`. The one write that must be atomic across processes — the wallet handoff lock — is a single conditional `UPDATE` on `live_review_sessions.pending_handoff_digest`, so two processes cannot hand off two different transactions for the same session.
+
+### Unsigned transaction material on disk
+
+`live_transaction_materials` stores locally built unsigned transaction bytes so a review can be signed by whichever process owns the port, not only the process that built it. Because these bytes are now on disk in the shared database rather than only in one process's memory, the data directory is created `0700` and the database file is set `0600` so other operating-system users cannot read them; the bytes carry a short TTL and are deleted on signing, terminal result, or expiry. This store is separate from the review evidence path: the MCP tool layer still does not return transaction bytes, and the activity-store evidence inputs still reject transaction bytes, signatures, and signing material before write.
+
+### Schema versioning across shared clients
+
+The live session tables are added without changing `user_version`. A runtime that does not know a live table simply ignores it, so a newer client can introduce live tables while an older client keeps opening the same shared database. Only a change that an older runtime cannot safely read should raise `user_version`, and such a change requires updating every client that shares the database, because a runtime does not open a database whose `user_version` is newer than it supports.
+
 ## Boundaries
 
 The active account is a read context only. It is not signing authorization, login, authentication for transactions, custody, permission for transactions, or proof of ownership. It stores at most one address per database file; setting a new active account replaces the previous one without revoking anything onchain.

package/docs/MCP_SETUP.md

@@ -434,9 +434,10 @@ rather than silently moving.
 - Here, `blocked` means required review evidence or user action is missing for
   that session (for example `wallet_review_contract_emit_missing`), not a
   release-wide signing stop.
-- The package is not yet published to npm: use a developer checkout (local
-  build) or packed tarball. `npx` client configs in this guide start working
-  after the first npm publish.
+- The package is published to npm as `@stelis/say-ur-intent`, so the `npx` and
+  global-install client configs in this guide work directly. A developer
+  checkout (local build) or packed tarball is an option for testing local
+  changes.
 
 ## Mainnet Read Smoke
 

package/docs/MCP_TOOLS.md

@@ -595,7 +595,7 @@ Use these `reviewModel` fields for the proposal review answer:
   proposal;
 - `evidenceUsed`: local schema and proposal facts used for the review;
 - `missingEvidence`: wallet, recipient, target, simulation, or adapter evidence
-  not yet verified;
+  not verified;
 - `requiredUserChoices`: choices that remain with the user;
 - `unsupportedClaims`: conclusions the review does not support;
 - `freshness`: timestamp status for the proposal;
@@ -654,7 +654,7 @@ is completed and not listed as missing, and `reviewState.simulation` is valid
 only after `review_time_simulation` is completed and not listed as missing.
 
 When `reviewState.humanReadableReview` is present, it is displayable review
-evidence projected from previously verified review artifacts. Its `kind`
+evidence projected from verified review artifacts. Its `kind`
 currently identifies the first swap review projection. Its `assetFlow` raw
 amounts, coin types, decimals, minimum output, and fee facts come from the
 material-bound quote policy evidence. Its target pool and direction come from

package/docs/SDK_API.md

@@ -8,7 +8,7 @@ This document records the pinned SDK APIs used by the current runtime. The sourc
 - `@mysten/deepbook-v3`: `1.3.6`
 - `@mysten/dapp-kit-core`: `1.3.2`
 - `@flowx-finance/sdk`: `2.1.0`
-- `@stelis/agent-q-provider-sui`: `0.0.5`
+- `@stelis/agent-q-provider-sui`: `0.0.7`
 - `@zktx.io/ptb-model`: `0.5.0`
 - `mermaid`: `11.12.0`
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stelis/say-ur-intent",
-  "version": "0.0.3",
+  "version": "0.0.5",
   "mcpName": "io.github.stelis-dev/say-ur-intent",
   "description": "Say Ur Intent is a local-first toolkit for helping AI applications and users inspect Sui DeFi actions before execution.",
   "license": "MIT",
@@ -54,7 +54,7 @@
     "@mysten/deepbook-v3": "1.3.6",
     "@mysten/sui": "2.17.0",
     "@scure/bip39": "2.2.0",
-    "@stelis/agent-q-provider-sui": "0.0.5",
+    "@stelis/agent-q-provider-sui": "0.0.7",
     "@zktx.io/ptb-model": "0.5.0",
     "better-sqlite3": "12.9.0",
     "mermaid": "11.12.0",

package/protocols/deepbook-v3.md

@@ -15,10 +15,10 @@ Protocol concepts referenced by current runtime evidence include:
 
 DeepBook orderbook, raw-quantity quote, and display-amount quote reads use an internal SDK simulation sender placeholder. They do not require wallet connection because these market reads are not wallet-account reads.
 
-Not yet implemented:
+Signable swap review for the account-bound DeepBook swap route is part of current runtime support; `read.list_supported_protocols` and the concrete MCP tool responses are the authoritative status. Before a `ready_for_wallet_review` state allows user-controlled signing on the local review page, the review server validates the pinned registry, refreshes the live quote, resolves objects, and runs `client.core.simulateTransaction` review.
+
+Out of scope:
 
-- Signable swap review.
 - Limit or market order review.
-- Wallet signing or execution.
 
-No DeepBook transaction should be exposed as signable until registry validation, live quote refresh, object resolution, and `client.core.simulateTransaction` review are implemented.
+The MCP layer and review API do not sign, execute, or return transaction bytes. Wallet signing and execution happen only in the user's wallet from the local review page.