The Sui MCP server exposes tools that can move money, delete data, or destroy resources. Without policy enforcement, an autonomous agent has unrestricted access to every one of them.
Financial operations (request_withdraw_stake, transfer_objects, transfer_sui) can move real money. An agent caught in a loop could drain accounts before anyone notices.
Write operations (create_wallet, import_wallet, merge_coins) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.
Execute tools (dry_run_transaction) trigger processes with side effects. Builds, notifications, workflows -- all fired without throttling.
These Sui tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.
| Tool | Description | Category |
|---|---|---|
| create_wallet | Create a new Sui wallet (Ed25519 keypair). Keys are held in memory only. | Write |
| import_wallet | Import a Sui wallet from a Bech32-encoded private key (suiprivkey...). | Write |
| merge_coins | Merge multiple coins into one. All coins must be the same type. | Write |
| move_call | Execute a Move function call. Arguments are passed as an array of strings/numbers. | Write |
| request_add_stake | Stake SUI with a validator. Amount is in SUI. | Write |
| resolve_address | Reverse-resolve an address to its SuiNS name(s). | Write |
| resolve_name | Resolve a SuiNS name to an address. | Write |
| switch_network | Switch to a different Sui network. | Write |
| request_withdraw_stake | Withdraw staked SUI. | Financial |
| transfer_objects | Transfer one or more objects to a recipient address. | Financial |
| transfer_sui | Transfer SUI from a managed wallet to a recipient address. Amount is in SUI (not MIST). | Financial |
| dry_run_transaction | Dry-run a transaction to preview effects without executing. | Execute |

These rules are based on the tool categories exposed by the Sui MCP server. Adjust the limits to match your use case.
```yaml
request_withdraw_stake:
  rules:
    - action: deny
      on_deny: "Financial operations require approval"
```

Financial tools should be explicitly enabled per use case, not open by default.
```yaml
create_wallet:
  rules:
    - name: "write-rate-limit"
      rate_limit: 30/hour
      on_deny: "Write rate limit reached"
```

Prevents bulk unintended modifications from agents caught in loops.
```yaml
cetus_get_pool:
  rules:
    - action: allow
      rate_limit: 60/minute
```

Controls API costs and prevents retry loops from exhausting upstream rate limits.
This is the complete policy file for Sui. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.
```yaml
version: "1"
default: "deny"
tools:
  dry_run_transaction:
    rules:
      - action: allow
        rate_limit: 10/hour
        validate:
          required_args: true
  request_withdraw_stake:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  transfer_objects:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  transfer_sui:
    rules:
      - action: deny
        on_deny: "Financial operation requires approval"
  cetus_get_pool:
    rules:
      - action: allow
        rate_limit: 60/minute
  cetus_get_pools:
    rules:
      - action: allow
        rate_limit: 60/minute
  deepbook_get_pool:
    rules:
      - action: allow
        rate_limit: 60/minute
  dev_inspect:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_all_balances:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_balance:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_checkpoint:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_coin_metadata:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_coins:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_committee_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_dynamic_fields:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_epoch_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_latest_checkpoint:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_move_call_metrics:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_move_function:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_move_struct:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_network_info:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_normalized_module:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_object:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_object_history:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_owned_objects:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_package_modules:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_protocol_config:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_reference_gas_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_stakes:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_system_state:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_token_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_total_supply:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_total_transactions:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_transaction:
    rules:
      - action: allow
        rate_limit: 60/minute
  get_validators:
    rules:
      - action: allow
        rate_limit: 60/minute
  list_common_tokens:
    rules:
      - action: allow
        rate_limit: 60/minute
  list_wallets:
    rules:
      - action: allow
        rate_limit: 60/minute
  multi_get_objects:
    rules:
      - action: allow
        rate_limit: 60/minute
  query_events:
    rules:
      - action: allow
        rate_limit: 60/minute
  query_transactions:
    rules:
      - action: allow
        rate_limit: 60/minute
  request_faucet:
    rules:
      - action: allow
        rate_limit: 60/minute
  split_coins:
    rules:
      - action: allow
        rate_limit: 60/minute
  suins_get_name_record:
    rules:
      - action: allow
        rate_limit: 60/minute
  suins_get_price:
    rules:
      - action: allow
        rate_limit: 60/minute
  swap_quote:
    rules:
      - action: allow
        rate_limit: 60/minute
  create_wallet:
    rules:
      - action: allow
        rate_limit: 30/hour
  import_wallet:
    rules:
      - action: allow
        rate_limit: 30/hour
  merge_coins:
    rules:
      - action: allow
        rate_limit: 30/hour
  move_call:
    rules:
      - action: allow
        rate_limit: 30/hour
  request_add_stake:
    rules:
      - action: allow
        rate_limit: 30/hour
  resolve_address:
    rules:
      - action: allow
        rate_limit: 30/hour
  resolve_name:
    rules:
      - action: allow
        rate_limit: 30/hour
  switch_network:
    rules:
      - action: allow
        rate_limit: 30/hour
```
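The rule types used above (a `deny` rule carrying an `on_deny` message, a `rate_limit` window such as `60/minute` or `30/hour`, `validate.required_args`, and the top-level `default: "deny"` fallback for any tool without an entry) are easiest to understand by watching them decide calls. The following Python is an added example written for this page; it is not Intercept's code and does not claim to reproduce its semantics. The policy dict is a constructed subset of the file above in the shape a YAML loader would produce. `FakeClock`, `PolicyEngine`, the sliding-window counter, and the interpretation of `required_args` (the call must carry arguments) and of a rule without an `action` (treated as allow, as in the `create_wallet` snippet) are this example's own assumptions.

```python
# Added example for this page, not Intercept's own code. Evaluates tool calls
# against a policy shaped like the Sui file above: ordered rules, deny with a
# message, sliding-window rate limits, and default deny for unlisted tools.
import re
import time
from collections import defaultdict, deque
from typing import NamedTuple, Optional, Tuple

WINDOW_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


class Decision(NamedTuple):
    allowed: bool
    reason: str


class FakeClock:
    """Deterministic clock (assumed helper) so the window can be driven by hand."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


def parse_rate_limit(spec: str) -> Tuple[int, int]:
    """Turn "60/minute" or "30/hour" into (max_calls, window_seconds)."""
    m = re.fullmatch(r"\s*(\d+)\s*/\s*(second|minute|hour|day)\s*", spec)
    if not m:
        raise ValueError(f"bad rate_limit: {spec!r}")
    return int(m.group(1)), WINDOW_SECONDS[m.group(2)]


class PolicyEngine:
    """Checks a tool call before it is forwarded; first deciding rule wins."""

    def __init__(self, policy: dict, clock=time.monotonic):
        self.policy = policy
        self.default = policy.get("default", "deny")
        self.clock = clock
        self.calls = defaultdict(deque)  # tool -> timestamps of allowed calls
        self.audit = []                  # (time, tool, allowed, reason): every call is logged

    def _within_limit(self, tool: str, spec: str, now: float) -> bool:
        limit, window = parse_rate_limit(spec)
        q = self.calls[tool]
        while q and now - q[0] >= window:  # forget calls that left the window
            q.popleft()
        return len(q) < limit

    def _decide(self, tool: str, args: dict, now: float) -> Decision:
        entry = self.policy.get("tools", {}).get(tool)
        if entry is None:  # unlisted tool: fall back to the top-level default
            if self.default == "allow":
                return Decision(True, "no rule; default allow")
            return Decision(False, f"no rule for {tool}; default deny")
        for rule in entry.get("rules", []):
            # Assumption: a rule with no `action` key is an allow rule.
            if rule.get("action", "allow") == "deny":
                return Decision(False, rule.get("on_deny", "denied by policy"))
            # Assumption: required_args means the call must carry arguments.
            if rule.get("validate", {}).get("required_args") and not args:
                return Decision(False, f"{tool}: required arguments missing")
            if "rate_limit" in rule and not self._within_limit(tool, rule["rate_limit"], now):
                return Decision(False, rule.get("on_deny", "rate limit reached"))
            return Decision(True, rule.get("name", "allowed"))
        return Decision(False, f"{tool}: rule list empty; deny")

    def evaluate(self, tool: str, args: Optional[dict] = None) -> Decision:
        args = args or {}
        now = self.clock()
        decision = self._decide(tool, args, now)
        if decision.allowed:
            self.calls[tool].append(now)  # only allowed calls consume budget
        self.audit.append((now, tool, decision.allowed, decision.reason))
        return decision


# Constructed subset of the page's policy, as a YAML loader would hand it over.
SUI_POLICY = {
    "version": "1",
    "default": "deny",
    "tools": {
        "dry_run_transaction": {"rules": [{"action": "allow", "rate_limit": "10/hour",
                                           "validate": {"required_args": True}}]},
        "transfer_sui": {"rules": [{"action": "deny",
                                    "on_deny": "Financial operation requires approval"}]},
        "get_balance": {"rules": [{"action": "allow", "rate_limit": "60/minute"}]},
        "create_wallet": {"rules": [{"name": "write-rate-limit", "rate_limit": "30/hour",
                                     "on_deny": "Write rate limit reached"}]},
    },
}


if __name__ == "__main__":
    engine = PolicyEngine(SUI_POLICY, clock=FakeClock())
    print(engine.evaluate("transfer_sui", {"recipient": "0x1", "amount": 1}))
    for _ in range(31):  # the 31st create_wallet in the hour is refused
        last = engine.evaluate("create_wallet")
    print(last)
```

The audit list records denied and allowed calls alike, which is what lets a reviewer spot an agent that is hammering a rate-limited tool rather than merely being slowed down by it.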
Download the policy:

```sh
curl -o io-github-expertvagabond-sui-mcp-server.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-expertvagabond-sui-mcp-server.yaml
```

Run Intercept in front of the server:

```sh
intercept -c io-github-expertvagabond-sui-mcp-server.yaml -- npx -y @sui-mcp-server
```

Works with any MCP client.
Every tool call is now checked against your policy before it reaches Sui. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.
Open source. One binary. Zero dependencies.

```sh
npx -y @policylayer/intercept
```