> ## Documentation Index
> Fetch the complete documentation index at: https://docs.privy.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Sui examples

<Note>
  Sui policies use two method names for raw signing requests. Use `signRawMessageBytes` for unparsed
  raw signing requests. Use `signTransactionBytes` for parsed transaction bytes that evaluate
  `sui_transaction_command` or `sui_transfer_objects_command` conditions. There is no separate
  `signTransactionBytes` API endpoint.
</Note>

A Sui transaction consists of one or multiple inputs and commands. Common Sui commands to transfer stablecoins include:

* `SplitCoins`, which splits off one or more coins from a single coin.
* `MergeCoins`, which merges one or more coins of the same type into a single coin.
* `TransferObjects` is used to transfer objects to a specified destination address.

## Allow raw signing after a certain start date

Use `signRawMessageBytes` for unparsed raw signing requests. `signRawMessageBytes` rules support
system conditions, but do not support decoded transaction field sources like `sui_transaction_command` or
`sui_transfer_objects_command`.

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "Only allow raw signing after a certain start date",
    "chain_type": "sui",
    "rules": [
        {
            "name": "Only allow raw signing after a certain start date",
            "method": "signRawMessageBytes",
            "conditions": [
                {
                    "field_source": "system",
                    "field": "current_unix_timestamp",
                    "operator": "gt",
                    "value": "1757304000"  // 2025-09-08 00:00:00 UTC in seconds since epoch
                }
            ],
            "action": "ALLOW"
        }
    ]
}
```

## Allowlist specific Sui transaction commands

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "Allow TransferObjects, SplitCoins and MergeCoins",
    "chain_type": "sui",
    "rules": [
        {
            "name": "Allow TransferObjects, SplitCoins and MergeCoins commands",
            "method": "signTransactionBytes",
            "conditions": [
                {
                    "field_source": "sui_transaction_command",
                    "field": "commandName",
                    "operator": "in",
                    "value": ["TransferObjects", "SplitCoins", "MergeCoins"]
                }
            ],
            "action": "ALLOW"
        }
    ]
}
```

## Configure a max amount on the TransferObjects command (summed amount per command, assuming coins are of the same type)

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "TransferObjects summed maximum amount",
    "chain_type": "sui",
    "rules": [
        {
            "name": "TransferObjects amount summed maximum",
            "method": "signTransactionBytes",
            "conditions": [
                {
                    "field_source": "sui_transfer_objects_command",
                    "field": "amount",
                    "operator": "lt",
                    "value": "10000000"
                }
            ],
            "action": "ALLOW"
        }
    ]
}
```

## Allowlist a specific Sui transaction recipient

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "Allow specific recipient",
    "chain_type": "sui",
    "rules": [
        {
            "name": "Allow specific recipient",
            "method": "signTransactionBytes",
            "conditions": [
                {
                    "field_source": "sui_transfer_objects_command",
                    "field": "recipient",
                    "operator": "eq",
                    "value": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
                }
            ],
            "action": "ALLOW"
        }
    ]
}
```

## Allowlist specific Sui transaction recipients with condition set

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "Allow specific recipients with condition set",
    "chain_type": "sui",
    "rules": [
        {
            "name": "Allow specific recipients with condition set",
            "method": "signTransactionBytes",
            "conditions": [
                {
                    "field_source": "sui_transfer_objects_command",
                    "field": "recipient",
                    "operator": "in_condition_set",
                    "value": "a2p4etpcbj2dltbjfigybi8j"
                }
            ],
            "action": "ALLOW"
        }
    ]
}
```

## Restrict message signing

Use the `message` field source on `signRawMessageBytes` rules to constrain what messages a Sui wallet can sign. The `content` field supports string operators (`eq`, `contains`, `starts_with`, `ends_with`, `in`, `in_condition_set`), and the `byte_length` field supports numeric operators.

<Tabs>
  <Tab title="Allow messages with a specific prefix">
    ```ts {skip-check} theme={"system"}
    {
        "version": "1.0",
        "name": "Only allow ownership proof messages",
        "chain_type": "sui",
        "rules": [
            {
                "name": "Allow messages that start with an ownership proof prefix",
                "method": "signRawMessageBytes",
                "conditions": [
                    {
                        "field_source": "message",
                        "field": "content",
                        "operator": "starts_with",
                        "value": "Sign to prove ownership of"
                    }
                ],
                "action": "ALLOW"
            }
        ]
    }
    ```
  </Tab>

  <Tab title="Restrict message byte length">
    ```ts {skip-check} theme={"system"}
    {
        "version": "1.0",
        "name": "Limit signed message size",
        "chain_type": "sui",
        "rules": [
            {
                "name": "Only allow messages up to 256 bytes",
                "method": "signRawMessageBytes",
                "conditions": [
                    {
                        "field_source": "message",
                        "field": "byte_length",
                        "operator": "lte",
                        "value": "256"
                    }
                ],
                "action": "ALLOW"
            }
        ]
    }
    ```
  </Tab>

  <Tab title="Allow only specific messages">
    ```ts {skip-check} theme={"system"}
    {
        "version": "1.0",
        "name": "Allowlist specific messages",
        "chain_type": "sui",
        "rules": [
            {
                "name": "Only allow known message strings to be signed",
                "method": "signRawMessageBytes",
                "conditions": [
                    {
                        "field_source": "message",
                        "field": "content",
                        "operator": "in",
                        "value": ["I agree to the terms of service", "Confirm login"]
                    }
                ],
                "action": "ALLOW"
            }
        ]
    }
    ```
  </Tab>
</Tabs>

## Only allow transactions after a certain start date

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "Only allow transactions after a certain start date",
    "chain_type": "sui",
    "rules": [
        {
            "name": "Only allow transactions after a certain start date",
            "method": "signTransactionBytes",
            "conditions": [
                {
                    "field_source": "system",
                    "field": "current_unix_timestamp",
                    "operator": "gt",
                    "value": "1757304000"  // 2025-09-08 00:00:00 UTC in seconds since epoch
                }
            ],
            "action": "ALLOW"
        }
    ]
}
```

## Allow transfers to a specific recipients after a certain timestamp

<Note>
  This is an example of mixing TransferObjects and System configurations.
</Note>

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "Allow specific recipients after a certain timestamp",
    "chain_type": "sui",
    "rules": [
        {
            "name": "Allow specific recipients after a certain timestamp",
            "method": "signTransactionBytes",
            "conditions": [
                {
                    "field_source": "sui_transfer_objects_command",
                    "field": "recipient",
                    "operator": "in_condition_set",
                    "value": "a2p4etpcbj2dltbjfigybi8j",
                },
                {
                    "field_source": "system",
                    "field": "current_unix_timestamp",
                    "operator": "gt",
                    "value": "1757304000", // 2025-09-08 00:00:00 UTC in seconds since epoch
                }
            ],
            "action": "ALLOW"
        }
    ]
}
```

## Denylist recipients of a TransferObjects with condition sets

```ts {skip-check} theme={"system"}
{
    "version": "1.0",
    "name": "Denylist TransferObjects recipients with condition set",
    "chain_type": "sui",
    "rules": [
        {
            "name": "Denylist TransferObjects recipients with condition set",
            "method": "signTransactionBytes",
            "conditions": [
                {
                    "field_source": "sui_transfer_objects_command",
                    "field": "recipient",
                    "operator": "in_condition_set",
                    "value": "a2p4etpcbj2dltbjfigybi8j"
                }
            ],
            "action": "DENY", // Note: setting the action to 'ALLOW' makes this an allowlist
        }
    ]
}
```
