Skip to content

Add review-sui-contracts skill#12

Merged
bidzyyys merged 2 commits into
mainfrom
feat/review-sui-contracts
Jul 15, 2026
Merged

Add review-sui-contracts skill#12
bidzyyys merged 2 commits into
mainfrom
feat/review-sui-contracts

Conversation

@bidzyyys

@bidzyyys bidzyyys commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a new review-sui-contracts skill — AI-assisted review of Sui Move code that integrates OpenZeppelin Contracts for Sui (the "audit-support" capability). Named review- deliberately: it supports, and does not replace, a formal security audit.

What it reviews

  • Correct use of OZ primitives — capability/witness threaded (not hand-rolled sender checks), right arguments, documented aborts handled.
  • Who chooses the type argument, and is it the right one — a caller-chosen or developer-fixed wrong (weaker) role/witness is a privilege-escalation bug.
  • Deviations from the closest examples/ recipe (or the module doc-comment's idiomatic-usage block) and invariants the components document.
  • Copied library source, test coverage of the integration's abort/branch paths, and known issue classes (heuristic).
  • Code quality — enforced: violations are findings, not suggestions, against STYLEGUIDE.md + the code-quality procedure + --lint.
  • A verify-before-reporting pass (disprove each finding; keep the severity bar high) and one deduped, severity-ordered output.

Design

Methodology-first and SSOT-driven — reuses the develop-secure-contracts discovery chain and points at the library's own sources rather than restating them. Reads the primitive's API at the integrator's pinned Move.lock revision, and the library-wide conventions (llms.txt, catalogs, ARCHITECTURE.md, STYLEGUIDE.md) from main.

Notes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new review-sui-contracts skill that guides AI-assisted review of Sui Move integrations with OpenZeppelin Contracts for Sui, emphasizing methodology-first “reference discovery” (from the integrator’s pinned Move.lock deps) and enforcing OZ Sui code-quality conventions. Also surfaces the new skill in the repository’s main README skill list.

Changes:

  • Added skills/review-sui-contracts/SKILL.md defining the review scope, reference-discovery workflow, review checklist, and output format.
  • Updated README.md to include review-sui-contracts in the “Available Skills” table.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
skills/review-sui-contracts/SKILL.md Introduces the new skill documentation and review methodology for OZ Contracts for Sui integrations
README.md Adds the new skill to the top-level list of available skills

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ericnordelo ericnordelo left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@bidzyyys
bidzyyys force-pushed the feat/develop-secure-sui branch from 8c42f12 to 2641623 Compare July 15, 2026 09:47
bidzyyys added 2 commits July 15, 2026 12:58
New skill for AI-assisted review of Sui Move code that integrates OpenZeppelin
Contracts for Sui — the "audit-support" capability. It checks correct use of
OZ on-chain primitives (including which role/witness type gates each action),
deviations from the library's examples/doc-comments, upheld invariants, test
coverage, and code-quality/conventions (enforced against STYLEGUIDE.md).

Methodology-first and SSOT-driven: it reuses the develop-secure-contracts
discovery chain and points at the library's own sources (examples or module
doc-comments, ARCHITECTURE.md, STYLEGUIDE.md, code-quality procedure) rather
than restating them. Reads the primitive's API at the integrator's pinned
Move.lock revision and the library-wide conventions from main. Named `review-`
deliberately: it supports, and does not replace, a formal security audit.
…ES category

- Bump .claude-plugin/plugin.json 0.0.2 -> 0.0.3 for the Sui Move skills
- Add a Review section (11.1) to dev/TESTING.md covering the review-sui-contracts
  behavior: establish the reference at the pinned Move.lock rev, review the
  integrator's use, enforce STYLEGUIDE, verify before reporting, not an audit
- Add a "Review skills" category to dev/PRINCIPLES.md (Skill Organization + Scope)
@bidzyyys
bidzyyys force-pushed the feat/review-sui-contracts branch from 7dab301 to 11c35a3 Compare July 15, 2026 11:08
@bidzyyys
bidzyyys changed the base branch from feat/develop-secure-sui to main July 15, 2026 11:08
@bidzyyys
bidzyyys requested review from Copilot and ericglau July 15, 2026 11:09

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.

@bidzyyys
bidzyyys merged commit 6f215af into main Jul 15, 2026
3 checks passed
@bidzyyys
bidzyyys deleted the feat/review-sui-contracts branch July 15, 2026 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

review-sui-contracts: AI review skill

5 participants