Enforce policies on every tool call to the Sui MCP Server. 53 tools with suggested default rules ready to customise.
This policy includes sensible default rules. Download it, adjust the limits to match your use case, and run with Intercept.
# Download policy with default rules
curl -o io-github-expertvagabond-sui-mcp-server.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-expertvagabond-sui-mcp-server.yaml

# Run with Intercept
intercept --policy io-github-expertvagabond-sui-mcp-server.yaml -- npx -y @sui-mcp-server

Server documentation: https://github.com/ExpertVagabond/sui-mcp-server
This policy includes suggested default rules for common use cases. Adjust rate limits, add argument validation, or remove rules you don't need.
version: "1"
description: "Policy for sui-mcp-server"

# Set to "deny" to reject tool calls not listed below
default: "allow"

tools:
  # -- Financial Tools ----------------------------------------
  # request_withdraw_stake: Withdraw staked SUI.
  request_withdraw_stake:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  # transfer_objects: Transfer one or more objects to a recipient address.
  transfer_objects:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  # transfer_sui: Transfer SUI from a managed wallet to a recipient address. Amount is in SUI (not MIST).
  transfer_sui:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"

  # -- Execute Tools ----------------------------------------
  # dry_run_transaction: Dry-run a transaction to preview effects without executing.
  dry_run_transaction:
    rules:
      - action: allow
        rate_limit: 10/hour
        validate:
          required_args: true

  # -- Write Tools ----------------------------------------
  # create_wallet: Create a new Sui wallet (Ed25519 keypair). Keys are held in memory only.
  create_wallet:
    rules:
      - action: allow
        rate_limit: 30/hour
  # import_wallet: Import a Sui wallet from a Bech32-encoded private key (suiprivkey...).
  import_wallet:
    rules:
      - action: allow
        rate_limit: 30/hour
  # merge_coins: Merge multiple coins into one. All coins must be the same type.
  merge_coins:
    rules:
      - action: allow
        rate_limit: 30/hour
  # move_call: Execute a Move function call. Arguments are passed as an array of strings/numbers.
  move_call:
    rules:
      - action: allow
        rate_limit: 30/hour
  # request_add_stake: Stake SUI with a validator. Amount is in SUI.
  request_add_stake:
    rules:
      - action: allow
        rate_limit: 30/hour
  # resolve_address: Reverse-resolve an address to its SuiNS name(s).
  resolve_address:
    rules:
      - action: allow
        rate_limit: 30/hour
  # resolve_name: Resolve a SuiNS name to an address.
  resolve_name:
    rules:
      - action: allow
        rate_limit: 30/hour
  # switch_network: Switch to a different Sui network.
  switch_network:
    rules:
      - action: allow
        rate_limit: 30/hour

  # -- Read Tools ----------------------------------------
  # cetus_get_pool: Get detailed info for a specific Cetus pool by its object ID.
  cetus_get_pool:
    rules:
      - action: allow
        rate_limit: 60/minute
  # cetus_get_pools: Query Cetus CLMM pools by coin types. Returns pool addresses, liquidity, and fee rates.
  cetus_get_pools:
    rules:
      - action: allow
        rate_limit: 60/minute
  # deepbook_get_pool: Get DeepBook v3 pool info (order book) — mid price, spread, balances.
  deepbook_get_pool:
    rules:
      - action: allow
        rate_limit: 60/minute
  # dev_inspect: Simulate a Move call without executing it — returns results, gas cost, and effects. No wallet needed.
  dev_inspect:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_all_balances: Get all coin balances for an address (SUI and all other coin types).
  get_all_balances:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_balance: Get SUI balance for an address.
  get_balance:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_checkpoint: Get detailed checkpoint data by sequence number.
  get_checkpoint:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_coin_metadata: Get metadata for a coin type (name, symbol, decimals, description).
  get_coin_metadata:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_coins: Get coin objects of a specific type owned by an address.
  get_coins:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_committee_info: Get validator committee information for a specific epoch.
  get_committee_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_dynamic_fields: Get dynamic fields of an object.
  get_dynamic_fields:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_epoch_info: Get detailed info about epochs (current or historical).
  get_epoch_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_latest_checkpoint: Get the latest checkpoint sequence number.
  get_latest_checkpoint:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_move_call_metrics: Get Move call metrics — most-called packages, modules, and functions.
  get_move_call_metrics:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_move_function: Get details of a specific Move function.
  get_move_function:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_move_struct: Get a Move struct definition (fields, abilities, type parameters).
  get_move_struct:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_network_info: Get current network info: chain ID, epoch, reference gas price, checkpoint.
  get_network_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_normalized_module: Get the normalized Move module definition (functions, structs, etc.).
  get_normalized_module:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_object: Get details of a Sui object by its ID.
  get_object:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_object_history: Find all transactions that touched a given object (trace provenance).
  get_object_history:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_owned_objects: Get objects owned by an address.
  get_owned_objects:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_package_modules: List all modules in a Move package, with their functions and structs.
  get_package_modules:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_protocol_config: Get the current Sui protocol configuration (limits, features, gas settings).
  get_protocol_config:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_reference_gas_price: Get current reference gas price.
  get_reference_gas_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_stakes: Get all staking positions for an address.
  get_stakes:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_system_state: Get the full Sui system state: epoch, validators, stake distribution, gas price, storage fund.
  get_system_state:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_token_price: Get approximate token price by querying DeFi pool reserves. Supports common tokens: SUI, USDC, USDT, WETH, DEEP.
  get_token_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_total_supply: Get total supply of a coin type.
  get_total_supply:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_total_transactions: Get the total number of transactions on the network.
  get_total_transactions:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_transaction: Get transaction details by digest.
  get_transaction:
    rules:
      - action: allow
        rate_limit: 60/minute
  # get_validators: Get current validator set with APY, commission, and stake info.
  get_validators:
    rules:
      - action: allow
        rate_limit: 60/minute
  # list_common_tokens: List commonly used Sui token types (SUI, USDC, USDT, WETH, DEEP) with their full coin type addresses.
  list_common_tokens:
    rules:
      - action: allow
        rate_limit: 60/minute
  # list_wallets: List all wallets managed in this session.
  list_wallets:
    rules:
      - action: allow
        rate_limit: 60/minute
  # multi_get_objects: Batch-fetch multiple objects by their IDs in one call.
  multi_get_objects:
    rules:
      - action: allow
        rate_limit: 60/minute
  # query_events: Query on-chain events by type, sender, package, module, or transaction digest.
  query_events:
    rules:
      - action: allow
        rate_limit: 60/minute
  # query_transactions: Search and filter transactions by sender, recipient, input object, changed object, or Move function.
  query_transactions:
    rules:
      - action: allow
        rate_limit: 60/minute
  # request_faucet: Request SUI from the faucet (devnet/testnet only).
  request_faucet:
    rules:
      - action: allow
        rate_limit: 60/minute
  # split_coins: Split a coin into multiple coins with specified amounts (in MIST).
  split_coins:
    rules:
      - action: allow
        rate_limit: 60/minute
  # suins_get_name_record: Get detailed SuiNS name record — NFT ID, target address, expiration, metadata.
  suins_get_name_record:
    rules:
      - action: allow
        rate_limit: 60/minute
  # suins_get_price: Get SuiNS registration and renewal pricing.
  suins_get_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  # swap_quote: Get a swap quote by simulating a Move call. Returns estimated output amount and gas cost without executing.
  swap_quote:
    rules:
      - action: allow
        rate_limit: 60/minute
Yes. The Sui server exposes 3 financial tools including request_withdraw_stake, transfer_objects, transfer_sui. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.
The Sui server has 8 write tools including create_wallet, import_wallet, merge_coins. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.
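A tighter variant of the default rules, as an added example (not the published policy and not PolicyLayer's own configuration). It uses only keys that appear in the policy on this page (default, action, on_deny, rate_limit, validate) and assumes they behave as that policy's comments describe; the tool selection, limits and messages are illustrative choices. move_call can execute any Move function, including ones that transfer coins or objects, and request_add_stake commits SUI, so both get the same rule as the three Financial tools.

```yaml
version: "1"
description: "Policy for sui-mcp-server (tightened example)"

# Reject any tool call that is not listed below
default: "deny"

tools:
  # Value-moving calls: blocked outright, same rule as the Financial tools
  move_call:
    rules:
      - action: deny
        on_deny: "Move calls can transfer assets; requires approval"
  request_add_stake:
    rules:
      - action: deny
        on_deny: "Staking commits SUI; requires approval"

  # Private key material entering the agent's session: blocked
  import_wallet:
    rules:
      - action: deny
        on_deny: "Importing private keys is not permitted for agents"

  # Listed under Read Tools in the defaults, but both change state:
  # give them the write-tool limit instead of 60/minute
  split_coins:
    rules:
      - action: allow
        rate_limit: 30/hour
  request_faucet:
    rules:
      - action: allow
        rate_limit: 30/hour

  # With default "deny", read-only tools the agent needs are listed explicitly
  get_balance:
    rules:
      - action: allow
        rate_limit: 60/minute
  dry_run_transaction:
    rules:
      - action: allow
        rate_limit: 10/hour
        validate:
          required_args: true
```

With default set to "deny" the tools section becomes an allowlist: request_withdraw_stake, transfer_objects and transfer_sui are rejected simply by being absent, and any tool the server adds in a later release is blocked until it is reviewed and listed.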
53 tools across 4 categories: Execute, Financial, Read, Write. 41 are read-only. 12 can modify, create, or delete data.
One-line change. Instead of running the Sui server directly, prefix it with Intercept: intercept -c io-github-expertvagabond-sui-mcp-server.yaml -- npx -y @sui-mcp-server. Download a pre-built policy from policylayer.com/policies/io-github-expertvagabond-sui-mcp-server and adjust the limits to match your use case.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept