sui-tester

Use when writing Move tests, setting up test suites, running gas benchmarks, or planning test strategy for SUI contracts. Triggers on "write tests", "test this module", "#[test]", "test coverage", "gas benchmark", "property-based test", or any Move testing task. Use even for simple "how do I test this function" questions.

7 stars

byfirst-mover-tw

View on GitHub Installation ↓

Best use case

sui-tester is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using sui-tester should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/sui-tester/SKILL.md --create-dirs "https://raw.githubusercontent.com/first-mover-tw/sui-dev-agents/main/skills/sui-tester/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/sui-tester/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How sui-tester Compares

Feature / Agent	sui-tester	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# SUI Tester

**Complete testing solution for SUI Move contracts and frontend applications.**

## Overview

This skill provides comprehensive testing across all layers:
- **Unit Tests** - Test individual Move functions
- **Integration Tests** - Test module interactions
- **E2E Tests** - Test complete user journeys (frontend + contract)
- **Property-Based Tests** - Test invariants with random inputs
- **Gas Benchmarks** - Measure and track gas consumption

## SUI Protocol 125 Testing Updates (mainnet v1.72.3+, testnet v1.73.0)

**Key changes affecting testing (June 2026):**
- **Regex Test Filtering:** Test filtering uses regex. Use `sui move test --filter "regex_pattern"` for precise test selection.
- **poseidon_bn254:** Available on all networks. Add tests for ZK-related functions using `sui::poseidon::poseidon_bn254`.
- **TxContext Flexible Positioning:** `TxContext` can be in any argument position. Update integration tests if they assume last-position TxContext.
- **gRPC Data Access:** Integration tests **must** use gRPC client — JSON-RPC Quorum Driver is disabled, permanent deactivation 2026-07-31.
- **`#[error]` Annotation:** Use `#[error]` on error constants for human-readable abort messages. Update `#[expected_failure]` tests to reference constant names, not hardcoded values.
- **GraphQL Simulation:** `events` field removed from `simulateResult`. Access events via `effects.events()` in dry-run tests.
- **Gas Re-benchmarking:** The New Move VM on testnet may produce different gas profiles compared to Protocol 118. If your tests assert specific gas values, re-run `sui move test --gas-limit` and update expected values.
- **Decoded Object Inspection:** `sui client object` now shows decoded struct fields — useful for manual verification during integration tests.

### Replay with sender impersonation (v1.72+)

The new `sui-fork` tool plus `sui replay --forking-mode` lets you replay a historical transaction while impersonating an arbitrary sender — useful for reproducing user-reported bugs without their keys.

```bash
sui replay <tx-digest> \
  --node https://graphql.devnet.sui.io/graphql \
  --forking-mode impersonate \
  --sender 0x<address>
```

Use this when an integration test needs to mimic real on-chain state under a specific signer.

## Quick Start

```bash
# Run all tests
sui move test

# Run with coverage
sui move test --coverage

# Generate coverage report
sui move coverage summary

# Run specific test (now uses regex!)
sui move test --filter "test_create_listing"

# Run all tests matching pattern
sui move test --filter "test_.*listing"
```

## Test Types

### 1. Move Unit Tests

```move
#[test]
fun test_create_listing() {
    let seller = @0xA;
    let mut scenario = test_scenario::begin(seller);
    
    // Create and verify listing
    let listing = create_listing(nft, 1000, ctx);
    assert!(price(&listing) == 1000, 0);
    
    test_scenario::end(scenario);
}
```

### 2. Integration Tests

Test cross-module interactions (marketplace + royalty).

### 3. Frontend E2E Tests

```typescript
// @check:skip
test('complete buy flow', async ({ page }) => {
    await page.goto('http://localhost:5173');
    await page.click('button:has-text("Connect Wallet")');
    // ... complete user journey
});
```

### 4. Property-Based Tests

```move
#[test]
fun property_price_distribution() {
    // Test invariant: total = seller + royalty + fee
    let iterations = 100;
    // ... verify invariant holds
}
```

### 5. Gas Benchmarks

```bash
sui move test --gas-profile
```

## Test Coverage

**Target:** >90% code coverage for core modules

### Quick Coverage Check

```bash
sui move test --coverage
sui move coverage summary
```

### Automated Coverage Analysis Tools

This skill includes Python scripts in `scripts/` for detailed coverage analysis:

```bash
# Location (relative to plugin install path)
SCRIPTS=<plugin_path>/skills/sui-tester/scripts

# Step 1: Run tests with coverage
cd /path/to/move/package
sui move test --coverage --trace

# Step 2: Source-level analysis (primary tool)
# Uses PTY to capture colored output, identifies exact uncovered segments
python3 $SCRIPTS/analyze_source.py -m <module_name>
python3 $SCRIPTS/analyze_source.py -m <module_name> -o coverage.md        # Markdown report
python3 $SCRIPTS/analyze_source.py -m <module_name> --json                # JSON output

# Step 3: LCOV statistics (function/line/branch breakdown)
sui move coverage lcov
python3 $SCRIPTS/analyze_lcov.py lcov.info -s sources/ --issues-only

# Step 4: Low-level bytecode analysis (optional)
sui move coverage bytecode --module <name> | python3 $SCRIPTS/parse_bytecode.py

# Step 5: Piped source analysis (alternative to analyze_source.py)
script -q /dev/null sui move coverage source --module <name> | python3 $SCRIPTS/parse_source.py
```

### Coverage Improvement Workflow

1. **Analyze** — Run `analyze_source.py` to get uncovered segments
2. **Identify gaps:**
   - Uncalled functions → write tests that call them
   - Uncovered assertions → write `#[expected_failure]` tests
   - Untaken branches → write tests for both if/else paths
3. **Write tests** for each gap (see patterns below)
4. **Verify** — Re-run analysis to confirm improvement
5. **Repeat** until >90% coverage

### Coverage Test Patterns

**A. Uncalled function:**
```move
#[test]
fun test_<function_name>() {
    let mut ctx = tx_context::dummy();
    <function_name>(&mut ctx);
    // Assert expected behavior
}
```

**B. Assertion failure path:**
```move
#[test]
#[expected_failure(abort_code = <ERROR_CONST>)]
fun test_<function>_fails_when_<condition>() {
    let mut ctx = tx_context::dummy();
    // Setup state that triggers the assertion failure
    <function_call_that_should_fail>();
}
```

**C. Branch coverage (if/else):**
```move
#[test]
fun test_<function>_when_true() { /* condition = true path */ }

#[test]
fun test_<function>_when_false() { /* condition = false path */ }
```

## Common Mistakes

❌ **Not using test_scenario properly**
- **Problem:** Tests fail with "object not found" errors
- **Fix:** Always call `test_scenario::next_tx` between transactions, clean up with `test_scenario::end`

❌ **Testing with unrealistic gas budgets**
- **Problem:** Tests pass but fail in production due to gas limits
- **Fix:** Set realistic gas budgets in tests, use `--gas-limit` flag

❌ **Ignoring test cleanup**
- **Problem:** Objects leak between tests, intermittent failures
- **Fix:** Delete all created objects or use `#[expected_failure]` for abort tests

❌ **Not testing error cases**
- **Problem:** Production failures from unexpected inputs
- **Fix:** Test all `assert!` and `abort` paths with `#[expected_failure(abort_code = X)]`

❌ **Skipping property-based tests for math**
- **Problem:** Edge cases cause overflow/underflow in production
- **Fix:** Test invariants with 100+ random inputs (prices, quantities, percentages)

❌ **Not benchmarking gas costs**
- **Problem:** Expensive operations drain user funds
- **Fix:** Run `sui move test --gas-profile`, track gas per operation

❌ **E2E tests without proper wallet setup**
- **Problem:** Tests fail on wallet connection
- **Fix:** Use Playwright with wallet mock or testnet faucet automation

## Configuration

Test execution targets:
- Unit tests: <30 seconds
- Integration tests: <2 minutes
- E2E tests: <10 minutes
- Full suite: <15 minutes

See [reference.md](references/reference.md) for complete test patterns and [examples.md](references/examples.md) for test examples. For installing the CLI, localnet setup, or faucet tokens, see the **sui-install** skill.

Related Skills

sui-zklogin

from first-mover-tw/sui-dev-agents

Use when implementing zkLogin on SUI — OAuth login (Google, Facebook, Apple, Twitch) with zero-knowledge proofs for privacy-preserving authentication. Triggers on "zkLogin", "social login on SUI", "Google login", "OAuth", "ephemeral keypair", "JWT proof", or any authentication flow that derives a SUI address from an OAuth provider. Also use when the user mentions "login without wallet extension".

sui-walrus

from first-mover-tw/sui-dev-agents

Use when storing or retrieving files using Walrus — SUI's decentralized blob storage. Triggers on "Walrus", "blob storage", "upload file to chain", "decentralized storage", "store NFT image", "IPFS alternative on SUI", "where to store NFT metadata", "host a site on-chain", or any off-chain data storage needs on SUI. Also use for Walrus Sites (decentralized web hosting), storing game assets, media files, or when the user asks "where do I put large files on SUI".

sui-wallet

from first-mover-tw/sui-dev-agents

Use when performing on-chain transactions (transfer, Move call, publish) through the agent's CLI wallet via MCP tools. Triggers on "transfer SUI", "call Move function", "publish package", "wallet status", "sign transaction", or any agent-driven on-chain operation. This is for headless/backend wallet operations — for browser wallet UI (React/Vue), use sui-frontend instead.

sui-suins

from first-mover-tw/sui-dev-agents

Use when integrating SuiNS (SUI Name Service) — resolving .sui names to addresses, reverse lookups, or registering names. Triggers on "SuiNS", ".sui name", "name resolution", "reverse lookup", "human-readable address", or any name service integration. Also use when the user wants to display user-friendly names instead of hex addresses.

sui-security-guard

from first-mover-tw/sui-dev-agents

Use when setting up security scanning, detecting leaked secrets/API keys, implementing pre-commit hooks, or auditing a Sui Move contract for security/architecture/quality issues. Triggers on "security scan", "detect secrets", "pre-commit hook", "security audit setup", "API key leaked", and on contract-level review requests like "audit this contract", "review access control", "is this Move safe", "check for vulnerabilities", "Move security review" — these load the SEC/DES/PAT/TST/QA/CFG finding registry in references/move-security-findings.md. For offensive/adversarial testing (attack vector discovery, writing exploits/PoCs), use sui-red-team instead. For Move style/idiom quality (non-security), use move-code-quality.

sui-seal

from first-mover-tw/sui-dev-agents

Use when implementing data encryption, access control, or secrets management on SUI using the Seal protocol. Triggers on threshold encryption, data privacy, token-gated content, encrypted storage, decryption policies, paywall, gated access, encrypted NFT metadata, private data sharing, or any scenario requiring on-chain access control for off-chain data. Also use when the user mentions Seal, pay-to-decrypt, "only NFT holders can see", or subscriber-only content on SUI.

sui-red-team

from first-mover-tw/sui-dev-agents

Use when performing adversarial security testing on SUI Move contracts — generating attack tests for access control bypass, integer overflow, object manipulation, economic exploits, reentrancy, and DoS vectors. Triggers on "red team", "attack test", "find vulnerabilities", "exploit", "pentest", "security test", or when the user wants to stress-test their contract's security. For defensive security setup (scanning, hooks, checklists), use sui-security-guard instead.

sui-passkey

from first-mover-tw/sui-dev-agents

Use when implementing WebAuthn passkeys or biometric authentication (Face ID, fingerprint, hardware keys) on SUI. Triggers on "passkey", "WebAuthn", "biometric login", "Face ID", "fingerprint auth", "FIDO2", or passwordless auth that uses device authenticators instead of seed phrases. Different from zkLogin (which uses OAuth providers).

sui-nautilus

from first-mover-tw/sui-dev-agents

Use when building verifiable off-chain computation, integrating external APIs with on-chain proof, or running trusted execution environments on SUI. Triggers on Nautilus, off-chain oracle, "verify API data on-chain", "connect external API to Move", "prove off-chain result", trusted compute, AWS Nitro Enclave, attestation, price feed, weather data on-chain, or any scenario requiring cryptographically verified external data. Also use when the user asks "how do I get real-world data into my SUI contract" or needs an oracle-like pattern.

sui-kiosk

from first-mover-tw/sui-dev-agents

Use when building NFT marketplaces, enforcing royalties, or managing transfer policies using SUI's Kiosk standard. Triggers on "Kiosk", "NFT marketplace", "transfer policy", "royalty enforcement", "list NFT for sale", "purchase rules", or any NFT commerce on SUI. Also use when the user asks about listing, delisting, or trading NFTs with enforced rules.

sui-install

from first-mover-tw/sui-dev-agents

Use when installing or updating the Sui CLI, managing CLI versions with suiup, or resolving environment/setup problems — "install sui", "update sui", "command not found", "sui not found", "client/server api version mismatch", build errors about "old dependencies", switching CLI versions per network, or installing toolchain components (Walrus, MVR, Move Analyzer, site-builder). Also use for first-time client setup, getting faucet tokens, recovering keys from a phrase, or "Cannot find gas coin for signer address". For deploying/upgrading packages use sui-deployer; for on-chain data queries use sui-ts-sdk.

sui-indexer

from first-mover-tw/sui-dev-agents

Use when building custom indexers, data pipelines, or event processors for the SUI blockchain. Triggers on "indexer", "data pipeline", "backfill", "event processor", "index transactions", "analytics dashboard", "aggregate on-chain data", "historical query", "track all trades", or any custom data extraction from SUI chain history. Also use when the user needs to build dashboards from on-chain data, process historical transactions, or set up real-time event streams.