move-auditor
v3.0.0
Published
Audit Sui Move contracts with Claude, pay per file from your Slush wallet
Readme
@sui-audit/move-auditor
Audit Sui Move smart contracts with the Claude CLI, generate Markdown reports with Groq, and pay per file (1 USDC) from your Slush wallet — using an on-chain escrow that blocks funds on start, deposits on success, and refunds on failure or Ctrl+C.
Install
npm install -g @sui-audit/move-auditorRequires the Claude CLI on your PATH and a Groq API key.
Quick start
move-auditor # interactive: wallet -> choose files -> pay -> auditThe wizard:
- Asks for your Slush wallet address and validates it (Slush API + Sui RPC balance).
- Asks whether to audit a single .move file or the full codebase.
- Scans, counts
.movefiles, and shows the cost (1 USDC per file). - On yes, blocks the total in an on-chain escrow.
- Audits each file (Claude) and writes a Markdown report (Groq) to
./move-auditor-reports/. - On success → deposits the payment. On error or
Ctrl+C→ releases it (you are not charged).
Power-user mode (no payment, single file):
move-auditor scan path/to/contract.move -o report.mdConfiguration
Copy .env.example to .env and fill in:
| Variable | Purpose |
| --- | --- |
| GROQ_API_KEY | Report generation |
| SUI_NETWORK | testnet (default) / mainnet |
| ESCROW_PACKAGE_ID | Published move_auditor package id |
| TREASURY_ADDRESS | Receives captured (deposited) payments |
| USDC_COIN_TYPE | Payment coin type (defaults to Circle testnet USDC) |
| MOVE_AUDITOR_SECRET_KEY | Payer key — signs the escrow lock + refund (suiprivkey1... or base64) |
| TREASURY_SECRET_KEY | Treasury key — signs capture on success (operator/testnet) |
| SLUSH_API_URL / SLUSH_API_KEY | Slush API for wallet validation (optional) |
| BACKEND_URL | Upload finished runs to the per-user dashboard |
| MOVE_AUDITOR_MOCK_PAYMENT=1 | Dry-run the flow with no real funds |
Deploy the escrow contract
cd ../contracts
sui move build
sui client publish --gas-budget 100000000
# copy the published package id into ESCROW_PACKAGE_IDThe escrow module (apps/contracts/sources/audit_escrow.move) exposes:
lock(payment, authority)— payer blocks funds into a sharedAuditEscrow.capture(escrow)— authority sweeps funds to the treasury (success).refund(escrow)— payer or authority returns funds (failure / Ctrl+C).
Trust model & limitations (testnet build)
- A wallet API cannot silently move SUI — the payer signs the
lock. The CLI usesMOVE_AUDITOR_SECRET_KEYto sign locally. refundis payer-callable so rollback works offline (instant onCtrl+C). The trade-off: beforecapture, a payer could refund themselves. For production, harden with authority-only finalization (capture + refund via a backend signer or a time-lock) so a successful audit is always paid.captureneeds the treasury signer: setTREASURY_SECRET_KEY(operator/testnet) or route capture through the backend.- Crash recovery: an interrupted run leaves a
pendingHoldin~/.move-auditor/config.json; the next launch offers to release it.
