Agent Trust Infrastructure for Sui

The identity and trust layer
for every agent on Sui

MoveGate gives every AI agent, trading bot and DAO executor a verifiable on-chain identity, bounded permissions enforced at the type-system level and an immutable behavior history that compounds with every action.

6 Move Modules
83 Tests Passing
96.66% Line Coverage
0 Warnings
MIT License
The Problem Today
Full wallet keys or nothing
Every agent on Sui today requires either full wallet access (one hack loses everything) or manual approval per action. That defeats the purpose of automation.
What Is Missing
No trust layer exists
There is no way to verify whether an agent has operated reliably across 10,000 transactions or was deployed yesterday. No scoped permissions. No proof of what happened.
MoveGate Solves This
Bounded permissions and permanent identity
Four Move primitives enforced at the type-system level. Authorization bypass is not just prevented. It is structurally impossible at compile time.
Four Primitives

Everything built on four
on-chain primitives

Each primitive solves a distinct layer of the agent trust problem. Together they form a system where history cannot be faked and permissions cannot be exceeded.

01 · passport.move
AgentPassport
Permanent on-chain identity for every agent. Auto-created on first action. Free. Never deleted. Tracks total volume, success rate, unique protocols and streaks that feed a reputation score from 0 to 1000.
Auto-created · Free · Shared object · Score 0-1000 · Never deleted
02 · mandate.move
Mandate
Bounded permission object scoped by protocol, coin type, amount per transaction, daily limit, action type, expiry and minimum reputation score. Users grant exactly what agents need. Hierarchical delegation up to 5 levels deep.
Spend cap · Daily limit · Protocol whitelist · min_agent_score · Delegation depth 5
03 · mandate.move
AuthToken
A struct with zero Move abilities. No store, copy or drop. The Move compiler enforces at compile time that it must be consumed in the same Programmable Transaction Block. Bypass is not just prevented. It is structurally impossible.
Zero abilities · Consumed same PTB · Compile-time guarantee · Cannot escape
04 · receipt.move
ActionReceipt
Frozen on-chain record of every action via transfer::freeze_object. Records agent, protocol, amount, success or failure and the agent's reputation score at authorization time. Immutable. Cannot be modified or deleted by anyone.
freeze_object · Immutable forever · Feeds passport score · Cryptographic proof
How It Works

One transaction block.
Five guarantees.

Every authorized action flows through a single Programmable Transaction Block. All 10 checks run atomically before any state mutation.

1 · Agent Gets a Passport
Auto-created on first action. Free. No registration. A shared object that persists permanently and accumulates reputation data from every action.
2 · User Creates a Mandate
Scoped permissions specifying protocol, coin type, amount per action, daily cap, expiry and the minimum reputation score the agent must hold.
3 · 10 Checks Run Atomically
All 10 checks execute before any state changes. If any check fails the entire PTB aborts. Zero partial state. Zero TOCTOU vulnerabilities.
4 · Hot Potato AuthToken Issued
A zero-ability struct. Cannot be stored, copied or dropped. The protocol must consume it in the same PTB or the transaction reverts automatically.
5 · Receipt Frozen On-Chain
ActionReceipt created and immediately frozen via freeze_object. Permanent, immutable proof. Feeds back into the agent's passport score automatically.
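ensure_passport (Move)

    use sui::clock::{Self, Clock};
    use sui::table;

    // Auto-created on first action. Free.
    public(package) fun ensure_passport(
        registry: &mut AgentRegistry,
        agent: address,
        clock: &Clock,
        ctx: &mut TxContext
    ) {
        // Only create a passport the first time this agent is seen.
        if (!table::contains(&registry.passports, agent)) {
            let p = AgentPassport {
                id: object::new(ctx),
                agent,
                score: 0,
                total_actions: 0,
                created_at_ms: clock::timestamp_ms(clock),
            };
            // Excerpt: recording the passport in registry.passports is not shown here.
            // Shared so that any protocol on Sui can read the agent's score.
            transfer::share_object(p);
        }
    }
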
Free. Automatic. Permanent.
Created the first time an agent touches MoveGate. No registration step. No fee. No friction. Becomes a shared object immediately so any protocol on Sui can query the agent's score without any setup.
Reputation System

A score impossible
to fake or buy

Computed from verified on-chain actions using integer-only math. No oracles. No floats. A 10-epoch cooldown prevents gaming. Minimum 10 actions before any score is computed.

REPUTATION FORMULA — MAX SCORE 1000
Accuracy: (successful / total) x 400, up to +400
Volume: min((total_vol / 1T MIST) x 200, 200), up to +200
Account Age: min((days_active / 180) x 200, 200), up to +200
Consecutive Streak: min((streak / 100) x 50, 50), up to +50
Protocol Diversity: min((unique_protocols / 5) x 50, 50), up to +50
Revocation Penalty: min(revocations x 50, 200), up to -200
Maximum Score: 1,000
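The formula above written as integer-only Move, as an added example rather than MoveGate's scoring engine. The module and function names are hypothetical and the 10-epoch cooldown is not modelled; each term multiplies before dividing in u128, and the penalty subtraction saturates at 0 instead of aborting.

```move
// Added sketch, not MoveGate source. Module and function names are hypothetical.
module example::score_sketch;

const MIN_ACTIONS: u64 = 10;
const VOLUME_UNIT_MIST: u128 = 1_000_000_000_000; // "1T MIST" in the formula

/// min(part * weight / full, weight).
/// Dividing first would truncate most ratios to 0, so multiply first;
/// widening to u128 keeps the product from overflowing u64.
fun capped_term(part: u64, full: u128, weight: u128): u64 {
    if (full == 0) return 0;
    let raw = (part as u128) * weight / full;
    let capped = if (raw > weight) weight else raw;
    (capped as u64)
}

public fun score(
    successful: u64,
    total: u64,
    total_vol_mist: u64,
    days_active: u64,
    streak: u64,
    unique_protocols: u64,
    revocations: u64,
): u64 {
    // No score until the agent has at least 10 recorded actions.
    if (total < MIN_ACTIONS) return 0;
    let earned = capped_term(successful, (total as u128), 400)
        + capped_term(total_vol_mist, VOLUME_UNIT_MIST, 200)
        + capped_term(days_active, 180, 200)
        + capped_term(streak, 100, 50)
        + capped_term(unique_protocols, 5, 50);
    // min(revocations x 50, 200), written so the product cannot overflow.
    let penalty = if (revocations >= 4) 200 else revocations * 50;
    // Saturate at 0: an unchecked subtraction would abort on underflow.
    if (earned > penalty) earned - penalty else 0
}
```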
Verification Tiers

Admins assign tiers via AdminCap. Protocols gate access by requiring a minimum score and a minimum tier. This creates a trust market with zero manual management.

Tier 0
Default
No verification. Score still builds through real actions.
Tier 1 · Basic
Identity Confirmed
Agent identity verified by the MoveGate team.
Tier 2 · Audited
Code Reviewed
Agent code reviewed by a third-party security auditor.
Tier 3 · Certified
Full Audit Complete
Complete security audit. Required for institutional mandates with min_agent_score of 900 or above.
Why this compounds
A fork of MoveGate starts every agent at score 0. Scores earned through real verified actions over months cannot be retroactively manufactured. The data asset grows more valuable every single day.
Use Cases

Built for every agent
operating on Sui

Any autonomous system that acts on a user's behalf fits the MoveGate model. From simple trading bots to complex DAO treasury executors.

DeFi Yield Optimizer
Continuously rebalances across NAVI and Scallop to maximize APY. Builds reputation over hundreds of rebalances. Reaches score 850 after 3 months, qualifying for institutional mandates requiring a minimum of 700.
Protocols: NAVI, Scallop
Spend Cap: 5 SUI / tx
Daily Limit: 50 SUI / epoch
Min Score: 700
Automated Trading Bot
Executes swaps on Cetus based on market signals. Starts at score 0. After 2,400 trades with a 99.8% success rate that track record is on-chain and impossible to fabricate.
Protocol: Cetus
Spend Cap: 0.5 SUI / tx
Actions: swap only
Min Score: None (builds over time)
DAO Treasury Executor
Executes approved governance proposals. The frozen receipt trail provides an immutable audit log for DAO compliance. Requires Certified tier and a score of 900 or above.
Protocol: Governance contract
Min Score: 900
Tier: 3 (Certified)
Expiry: Per proposal cycle
Liquidation Bot
Lending protocols need liquidators 24/7. Setting min_agent_score of 600 lets new bots prove reliability on small liquidations before accessing high-value positions.
Actions: liquidate
Daily Limit: Unlimited
Min Score: 600
Expiry: Ongoing
Cross-Protocol Arbitrage
High-frequency agent across Cetus, Turbos and DeepBook. Delegates sub-mandates to specialized execution agents using delegation chains up to 5 levels deep.
Protocols: Cetus, Turbos, DeepBook
Min Score: 850
Delegation: Parent to 3 children
Max Depth: 1 of 5
Subscription Payments
Recurring monthly payments to a service provider. Scoped to a single payee with a fixed amount. Frozen receipts provide cryptographic payment proof for both parties.
Spend Cap: 10 SUI per month
Expiry: 365 days
Min Score: None required
Action: transfer only
Security Model

Not policy. Not runtime.
Structural impossibility.

Every security property is enforced at the Move type-system level or through Sui's object model. Not through access control lists or runtime checks that can be misconfigured.

Checks Before Effects
All 10 authorization checks execute before any state mutation. No partial state updates on failure. Either the entire PTB succeeds or nothing changes.
Hot-Potato Enforcement
The Move type system guarantees at compile time that AuthTokens cannot escape the issuing transaction. This is not a runtime check. Bypass is structurally impossible.
Immutable Audit Trail
Frozen receipts provide non-repudiable proof of every action. Neither the agent, user nor protocol can alter historical records. Retroactive fabrication is cryptographically impossible.
Integer-Only Math
All fee calculations use u128 intermediary values. No floating point. No external oracles. Score computation uses min/max capping at every step to prevent overflow.
Package-Private Visibility
Event emitters and state mutators are public(package). External contracts cannot spoof MoveGate events or bypass the authorization gate from outside the package boundary.
No Passport Spoofing
ensure_passport is public(package). External contracts cannot create fake passports. Passport data only updates through authorized action flows within the package.
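The Checks Before Effects and Hot-Potato Enforcement properties above, sketched in Move as an added example (not MoveGate's source). The module, struct, field and error names are hypothetical; only five checks are shown, and mandate creation and the daily-limit reset are omitted.

```move
// Added sketch, not MoveGate source. All names here are hypothetical.
module example::gate_sketch;

use sui::clock::Clock;

const EWrongAgent: u64 = 0;
const ERevoked: u64 = 1;
const EExpired: u64 = 2;
const ESpendCap: u64 = 3;
const EDailyLimit: u64 = 4;

public struct Mandate has key {
    id: UID,
    agent: address,
    revoked: bool,
    expires_at_ms: u64,
    max_per_tx: u64,
    daily_limit: u64,
    spent_today: u64,
}

/// No `has` clause: the value cannot be copied, stored in an object or
/// silently dropped. The only way to get rid of it is `consume`.
public struct AuthToken { agent: address, amount: u64 }

public fun authorize(
    mandate: &mut Mandate,
    amount: u64,
    clock: &Clock,
    ctx: &TxContext,
): AuthToken {
    let agent = ctx.sender();
    // Checks: read-only. Any failed assert aborts the whole transaction.
    assert!(agent == mandate.agent, EWrongAgent);
    assert!(!mandate.revoked, ERevoked);
    assert!(clock.timestamp_ms() < mandate.expires_at_ms, EExpired);
    assert!(amount <= mandate.max_per_tx, ESpendCap);
    // Compare against the remaining headroom so the sum below cannot overflow.
    assert!(amount <= mandate.daily_limit - mandate.spent_today, EDailyLimit);
    // Effects: reached only after every check has passed.
    mandate.spent_today = mandate.spent_today + amount;
    AuthToken { agent, amount }
}

/// Called by the integrating protocol; unpacking is the only legal exit.
public fun consume(token: AuthToken): (address, u64) {
    let AuthToken { agent, amount } = token;
    (agent, amount)
}
```

A Move function that receives the token and returns without passing it to `consume` does not compile, and a PTB that leaves the token unused is rejected when it executes.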
Fee Model

Revenue that scales with
ecosystem volume

Adoption comes first. Passport creation is free to eliminate friction. Authorization fees are micro-sized and configurable via AdminCap. Hard-capped at 5%.

Mandate Creation
0.01 SUI · flat fee
Anti-spam plus revenue. One-time flat fee per mandate. Prevents flooding. Scales with user adoption rather than transaction volume alone.
Authorization Fee
2 basis points (0.02%)
Revenue scales with volume. Micro-fee on every authorized action. u128 intermediary prevents overflow. Configurable by AdminCap. Hard-capped at 5%.
Testnet Deployment

Live on Sui Testnet.
All contracts verified.

Six modules deployed. All shared objects live. 83 tests passing with 96.66% line coverage. Zero warnings in production code.

Deployment Info · Testnet
Network: Sui Testnet
Package ID: 0xec91e604714e263ad43723d43470f236607bd0b13f64731aad36b00a61cf884a
Tx Digest: AWJUKXSDEVvUrSBmSDhrncnRyBwsShQcQR6UJi16Ge5Q
AgentRegistry: 0xb2fadc7ccf9c7b578ba3b1adb8ebfd73191563e536b6b2cc18aa14dac6c7ba46
MandateRegistry: 0x26a66d91fef324b833d07d134e5ab6e796e0dfd77f670c27da099479d939b0d3
FeeConfig: 0x5c92c420f4b3801eb4126fcab6cb4b98212b31f591b4b3d0a025b4e4957120f3
ProtocolTreasury: 0xf0714bd816e595cacfc9e5921d1754cca0205f6b65867eab6183d0b0a98fc82c
Sui Version: 1.67.2 · edition 2024.beta
Module Structure · 6 modules · 0 external deps
errors.move: 35 error codes across 7 categories. Every code has an inline comment explaining when it fires.
events.move: 11 typed event structs. All emitters are public(package) so external spoofing is impossible.
treasury.move: AdminCap, FeeConfig and ProtocolTreasury. All fee math uses u128 intermediary values.
passport.move: AgentPassport, AgentRegistry and the reputation scoring engine. Independent of the mandate layer.
mandate.move: Mandate, AuthToken hot potato and the 10-check atomic authorization gate.
receipt.move: ActionReceipt via transfer::freeze_object. Immutable forever on Sui.
Test Coverage · 83 Tests · 96.66% Line Coverage · All Passing
Mandate Creation
15 tests
Expiry, spend cap, fee validation, empty protocol list
Authorization
16 tests
Wrong agent, expired, revoked, spend cap, daily limit
Revocation
4 tests
Non-owner revoke, double revoke, cascade behavior
Delegation
5 tests
Depth limit, protocol subset, child outlives parent
Passport
10 tests
Auto-creation, score threshold, streak reset, tiers
Integration
12+ tests
Full transaction flows, multi-action, epoch resets
Roadmap

From contracts to
permanent infrastructure

Layer 1 and Layer 2 are complete. The path from here is portals, audit and mainnet with revenue starting from day one.

Layer 1
Complete
Smart Contracts · Live on Testnet
6 Move modules. Zero external dependencies beyond the Sui framework.
83 tests passing across 7 test modules. 96.66% line coverage. Zero warnings.
All shared objects deployed and verified on Sui Testnet.
Layer 2
Complete
TypeScript SDK · @movegate/sdk v0.1.1
@movegate/sdk v0.1.1 published on npm. 37 tests passing.
Queries, tx builders, events, $extend pattern. 5 examples included.
Full TypeScript types for all on-chain objects.
Layer 3
Building Now
Three Frontend Portals
Protocol Partner Dashboard with agent intelligence and anomaly alerts for NAVI, Cetus and Scallop.
Agent Developer Console with mandate management, reputation tracker and SDK quickstart.
End User Mandate Manager with zkLogin (Google sign-in), plain-English controls and one-click revoke.
Audit
Upcoming
Security Audit · MoveBit
Full vulnerability checklist pre-verified. Audit report published publicly on Move Registry.
Bug bounty funded and live before mainnet launch.
Mainnet
Final
Production Deployment · Revenue Day One
AdminCap transferred to 3-of-5 multisig. Revenue starts at 2bps per authorized action.
NAVI integration live. Agent marketplace open. Reputation data begins compounding.
Open Source · MIT License

Build on MoveGate.
The infrastructure is open.

MoveGate is trust infrastructure. Open source is not a tradeoff. It is the correct decision for infrastructure that protocols must trust with their risk management.