feat(plugin-sui): Add movepump action

[ChainRex]

Relates to

Risks

Medium:

• Financial transactions involving user funds
• Integration with external MovePump contract
• Complex multi-step transaction process

Background

What does this PR do?

This PR implements token creation for MovePump on Sui Network. The implementation follows a three-step process:

• Update coin template bytecode with custom token metadata
• Publish new coin package to Sui network
• Create token on MovePump

What kind of change is this?

Features (non-breaking change which adds functionality)

Documentation changes needed?

Testing

Where should a reviewer start?

1. Review the main implementation in src/actions/movepump.ts
2. Check bytecode update logic in src/utils.ts
3. Review token template in src/template/template_coin/

Detailed testing steps

1. (Optional) Verify Template Bytecode

1. Compile the template_coin contract:

cd template/template_coin
sui move build

2. Generate bytecode and compare with constant:

xxd -c 0 -p build/template_coin/bytecode_modules/template_coin.mv | head -n 1

3. Verify the output matches TEMPLATE_COIN_BYTECODE in src/template/bytecode.ts

2. Test Token Creation via Bot Chat

1. Start conversation with Bot using this example format:

Create a new token called MyToken with symbol MTK on MovePump and buy 1 MTK. Here's the token info:
Description: My first token on MovePump
Image: https://example.com/token.png
Website: https://mytoken.com
Twitter: https://twitter.com/mytoken
Telegram: https://t.me/mytoken

2. Bot will process the request and return a response like:

Token MyToken (MTK) created successfully on MovePump!
Module ID: 0x[module_id]
Transaction: [transaction_hash]
View at: https://movepump.com/token/0x[module_id]::mtk::MTK

3. Visit the returned MovePump URL

[ChainRex]

POW

Transaction:https://suiscan.xyz/mainnet/tx/3G7PqwkDtCtZNvwXSM4cb7RVJPuZvLYycotf8P4rQ8L6
Token:https://movepump.com/token/0xf94928f8da383439908b5d0ae32dfaf51ff74a95f9ef46f9d1b97b007f5d68b4::eliza::ELIZA

[ChainRex]

@coderabbitai review

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request introduces a new feature for creating and buying tokens on the MovePump platform within the Sui plugin. It adds a comprehensive implementation for token creation, including new dependencies, bytecode management, and a dedicated action for token generation. The changes span multiple files, introducing new modules, utility functions, and configuration settings to support this functionality.

Changes

File	Change Summary
packages/plugin-sui/README.md	Added "Create and Buy Token on MovePump" feature section, new CREATE_AND_BUY_TOKEN action, and dependencies @mysten/move-bytecode-template and @mysten/bcs
packages/plugin-sui/package.json	Added dependencies @mysten/bcs@^1.2.1 and @mysten/move-bytecode-template@^0.1.0
packages/plugin-sui/src/actions/movepump.ts	New file implementing token creation and buying functionality with interfaces, validation, and transaction handling
packages/plugin-sui/src/index.ts	Added movepump action to suiPlugin object
packages/plugin-sui/src/move_bytecode_template.js	New WASM-based module for Move bytecode manipulation with serialization, deserialization, and constant update functions
packages/plugin-sui/src/template/bytecode.ts	Added TEMPLATE_COIN_BYTECODE constant
packages/plugin-sui/src/utils.ts	Added TokenMetadata interface and updateTokenBytecode function for bytecode manipulation
packages/plugin-sui/src/template/template_coin/	New Move package with configuration and source files for token template

Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (5)

packages/plugin-sui/src/actions/movepump.ts (3)

372-373: Provide user-friendly error messages

The error message returned to the user may expose internal details. Use a generic message to inform the user without revealing sensitive information.

Apply this diff:

- text: `Error creating token: ${error.message}`,
+ text: "An error occurred while creating the token. Please try again later.",

---

100-121: Parameterize hardcoded addresses

Hardcoding addresses like "0x2" reduces flexibility and maintainability. Define them as constants or configuration parameters.

Apply this diff:

+ const RECIPIENT_ADDRESS = "0x2";
...
- tx.transferObjects([upgradeCap], "0x2");
+ tx.transferObjects([upgradeCap], RECIPIENT_ADDRESS);

---

326-331: Enhance token metadata validation

Add checks for empty strings and invalid characters in tokenMetadata.name and tokenMetadata.symbol to ensure data integrity.

Apply this diff:

+ if (
+     !createAndBuyContent.tokenMetadata.name.trim() ||
+     !createAndBuyContent.tokenMetadata.symbol.trim()
+ ) {
+     throw new Error("Token name and symbol cannot be empty");
+ }

packages/plugin-sui/src/utils.ts (1)

61-92: Optimize multiple bytecode updates.

Four separate calls to update_constants could be combined.

Consider batching the updates:

const updates = [
  [metadata.symbol, "TMPL"],
  [metadata.name, "Template Coin"],
  [metadata.description, "Template Coin Description"],
  [metadata.imageUrl, "https://strapi-dev.scand.app/uploads/sui_c07df05f00.png"]
];
return updates.reduce((acc, [newVal, oldVal]) => 
  update_constants(acc, bcs.string().serialize(newVal).toBytes(), 
    bcs.string().serialize(oldVal).toBytes(), "Vector(U8)"), 
  updated);

packages/plugin-sui/README.md (1)

105-106: Add version constraints for critical dependencies.

Include version constraints for the new dependencies to ensure compatibility.

- `@mysten/move-bytecode-template`: Allows updating a pre-compiled bytecode
- `@mysten/bcs`: Small and lightweight library implements Binary Canonical Serialization (BCS) in TypeScript
+ `@mysten/move-bytecode-template` (^0.1.0): Allows updating a pre-compiled bytecode
+ `@mysten/bcs` (^1.2.1): Small and lightweight library implements Binary Canonical Serialization (BCS) in TypeScript

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5c9a8d6 and c62cd42.

⛔ Files ignored due to path filters (1)

• packages/plugin-sui/src/template/template_coin/Move.lock is excluded by !**/*.lock

📒 Files selected for processing (11)

• packages/plugin-sui/README.md (3 hunks)
• packages/plugin-sui/package.json (1 hunks)
• packages/plugin-sui/src/actions/movepump.ts (1 hunks)
• packages/plugin-sui/src/index.ts (1 hunks)
• packages/plugin-sui/src/move_bytecode_template.js (1 hunks)
• packages/plugin-sui/src/template/.gitignore (1 hunks)
• packages/plugin-sui/src/template/bytecode.ts (1 hunks)
• packages/plugin-sui/src/template/template_coin/Move.toml (1 hunks)
• packages/plugin-sui/src/template/template_coin/sources/template_coin.move (1 hunks)
• packages/plugin-sui/src/utils.ts (2 hunks)
• packages/plugin-sui/tsconfig.json (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• packages/plugin-sui/src/template/.gitignore
• packages/plugin-sui/tsconfig.json
• packages/plugin-sui/src/template/bytecode.ts

🧰 Additional context used

🪛 Biome (1.9.4)

packages/plugin-sui/src/move_bytecode_template.js

[error] 84-84: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

🔇 Additional comments (7)

packages/plugin-sui/src/actions/movepump.ts (2)

172-183: Verify 'minGasAmount' sufficiency

Ensure that minGasAmount of 20000000n covers all transaction fees under varying network conditions to prevent failures.

---

353-355: Verify correctness of the token URL

Confirm that the constructed MovePump URL is accurate and leads to the intended token page.

packages/plugin-sui/src/index.ts (1)

3-3: LGTM!

The addition of the movepump action is correctly implemented.

packages/plugin-sui/src/template/template_coin/sources/template_coin.move (1)

34-35: Verify ownership transfer security.

The combination of public_transfer for treasury and public_share_object for metadata needs careful consideration.

✅ Verification successful

Transfer pattern follows secure coin initialization standard

The combination of transferring treasury to sender and sharing metadata publicly is the correct pattern for Sui coin initialization. The implementation includes proper access controls through the witness pattern and module initialization constraints.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for similar patterns in other coin modules
ast-grep --pattern 'transfer::public_transfer($_, $_);
transfer::public_share_object($_);'

Length of output: 92

---

Script:

#!/bin/bash
# Find all Move files that might contain coin implementations
fd -e move | xargs rg -l "coin" --ignore-case

# Search for public_transfer usage
rg "public_transfer" -A 2 -B 2

# Search for public_share_object usage
rg "public_share_object" -A 2 -B 2

Length of output: 1190

---

Script:

#!/bin/bash
# Get the complete function context
rg -B 10 -A 5 "public_transfer.*public_share_object" packages/plugin-sui/src/template/template_coin/sources/template_coin.move

Length of output: 128

---

Script:

#!/bin/bash
# Get the complete file content
cat packages/plugin-sui/src/template/template_coin/sources/template_coin.move

# Alternative search pattern
rg -B 15 -A 5 "transfer::" packages/plugin-sui/src/template/template_coin/sources/template_coin.move

Length of output: 1684

packages/plugin-sui/package.json (1)

23-24: Verify dependency versions for security.

New dependencies need version verification.

✅ Verification successful

Dependencies verified and properly integrated

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for known vulnerabilities
npm audit --json | jq '.advisories[] | select(.module_name | contains("@mysten"))'

# Check latest versions
npm view @mysten/bcs version
npm view @mysten/move-bytecode-template version

Length of output: 584

---

Script:

#!/bin/bash
# Check repository information for both packages
gh repo view mysten/sui -j | jq '{stars: .stargazerCount, updated: .updatedAt, issues: .openIssueCount}'

# Check for existing usage patterns
rg -l "@mysten/(bcs|move-bytecode-template)" --type json

Length of output: 636

---

Script:

#!/bin/bash
# Check repository details with correct syntax
gh repo view mysten/sui --json stargazerCount,updatedAt,openIssueCount

# Check actual usage of these packages
rg "@mysten/(bcs|move-bytecode-template)" -A 2 -B 2

Length of output: 4627

packages/plugin-sui/src/template/template_coin/Move.toml (1)

21-22: Verify address configuration.

Using 0x0 as the default address needs verification.

✅ Verification successful

Template address configuration is valid

The 0x0 address is appropriately used as a placeholder in this template implementation. This is expected to be replaced with an actual address during deployment.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for address usage patterns
rg -A 5 "0x0::" --type move

Length of output: 56

---

Script:

#!/bin/bash
# Find Move files and search for address patterns
fd -e move -x rg -l "0x0"

# Search for address configurations in Move.toml files
fd "Move.toml" -x rg -l "0x0"

# Look for documentation about address configuration
fd "README|CONTRIBUTING" -e md -x rg -l -i "address|0x0"

# Search for any address-related patterns
rg "address.*=.*0x" -A 2

Length of output: 3441

---

Script:

#!/bin/bash
# Check the content of the Move file
cat packages/plugin-sui/src/template/template_coin/sources/template_coin.move

# Check if there are any other Move.toml files with address configurations for comparison
fd "Move.toml" -x grep -l "addresses"

Length of output: 1196

packages/plugin-sui/README.md (1)

82-82: LGTM! Clear action definition.

The action definition clearly indicates the mainnet-only limitation.

[0xSero]

Is there a reason you're specifically using bytecode moves instead of a more readable form of code?

[ChainRex]

Is there a reason you're specifically using bytecode moves instead of a more readable form of code?

1. Move contracts cannot deploy other contracts at runtime.Each new contract must be compiled before deployment
2. Sui officially provides Move Bytecode Template library for modifying pre-compiled bytecode.

[wtfsayo]

@ChainRex where did you get the bytecode from? can you do remote fetch?

[odilitime]

Hello,

We are changing our plugin development strategy to be more scalable. We have moved the plugins out into their own repos and we're looking for people to either maintain those or own them on their own Github.

If you'd like to be a maintainer, file an issue in the plugin repo and join our Discord https://discord.gg/elizaos to coordinate.

If you'd like to control the plugin on your own Github, please add an issue to the plugin repo pointing to your repo, and add a modification to the registry. Submit a PR to edit the registry here: https://github.com/elizaos-plugins/registry

Closing this PR for now. Let us know if you have any questions.