πͺ Architecture β
This document describes the system architecture of MoveAS.
Overview β
MoveAS is built as a modular, multi-chain platform for attestations. The architecture consists of:
- Smart Contracts: Move-based contracts deployed on Sui and Aptos
- SDK: TypeScript SDK for client integration
- Backend API: NestJS backend for indexing and querying
- Frontend Explorer: Next.js web interface
- Storage Layer: Walrus for off-chain data storage
- Privacy Layer: Seal for encryption
System Architecture β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Client Applications β
β (Web Apps, Mobile Apps, Backend Services, etc.) β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β
β SDK (TypeScript)
β
ββββββββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββ
β MoveAS Platform β
β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Frontend β β Backend β β SDK β β
β β (Next.js) β β (NestJS) β β (TypeScript) β β
β ββββββββ¬ββββββββ ββββββββ¬ββββββββ ββββββββ¬ββββββββ β
β β β β β
β βββββββββββββββββββ΄ββββββββββββββββββ β
β β β
βββββββββββββββββββββββββββββΌββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββ΄βββββββββββββββββββ
β β
ββββββββββΌββββββββ βββββββββββΌββββββββββ
β Sui Chain β β Aptos Chain β
β β β β
β ββββββββββββ β β ββββββββββββ β
β β SAS β β β β AAS β β
β βContracts β β β βContracts β β
β ββββββ¬ββββββ β β ββββββ¬ββββββ β
β β β β β β
β ββββββββββΌβββββββββββββββββββ΄ββββββββ β
β β β
β ββββββββββββ β β
β β Registry β β β
β ββββββββββββ β β
ββββββββββββββββββ β
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β External Services β
β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β Walrus β β Seal β β Database β β
β β Storage β β Key Svr β β (PG) β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββComponent Details β
Smart Contracts β
Location: packages/contracts/
Sui (SAS):
sas.move: Main entry pointattestation.move: Attestation data structuresschema.move: Schema managementseal_access.move: Seal access controlattestation_registry.move: Attestation trackingschema_registry.move: Schema tracking
Aptos (AAS):
aas.move: Main entry pointattestation.move: Attestation data structuresschema.move: Schema managementresolver_dispatcher.move: Resolver pattern
SDK β
Location: packages/sdk/
Components:
Sas: Sui attestation service clientAas: Aptos attestation service clientCodec: Schema-based encoding/decodingWalrusClient: Walrus storage integrationSealWrapper: Seal encryption integration
Backend API β
Location: apps/backend/
Components:
- Indexers: Listen to blockchain events
- APIs: REST endpoints for querying
- Database: PostgreSQL for indexing
- Services: Business logic for attestations
Key Features:
- Event listening for new attestations
- Schema and attestation indexing
- Query APIs with filtering
- Caching for performance
Frontend Explorer β
Location: apps/frontend/
Components:
- Pages: Schema and attestation views
- Components: Reusable UI components
- API Integration: Backend API clients
- Wallet Integration: Sui and Aptos wallet support
Key Features:
- Browse schemas and attestations
- Create new attestations
- View attestation details
- Decrypt encrypted data
Data Flow β
Creating an Attestation β
- Client encodes data using Codec
- Client optionally encrypts data (Seal)
- Client optionally uploads to Walrus (off-chain)
- Client creates transaction via SDK
- SDK submits transaction to blockchain
- Contract emits
AttestationCreatedevent - Backend indexes attestation from event
- Frontend displays in explorer
Retrieving an Attestation β
- Client queries backend API or blockchain directly
- Backend returns attestation metadata
- Client retrieves data:
- On-chain: Read from object
- Off-chain: Download from Walrus
- Client optionally decrypts (Seal)
- Client decodes data using Codec
- Client verifies data integrity (hash)
Storage Architecture β
On-Chain Storage β
Attestation Object (Sui)
βββ Metadata (attestor, recipient, timestamps)
βββ Schema reference
βββ Data (vector<u8>) β Stored directlyOff-Chain Storage β
Attestation Object (Sui)
βββ Metadata (attestor, recipient, timestamps)
βββ Schema reference
βββ Walrus Sui Object ID
βββ Walrus Blob ID
βββ Data Hash (Blake2b-256)
βββ Encryption metadata (if encrypted)
Walrus Storage
βββ Blob Data β Actual data stored herePrivacy Architecture β
Seal Integration β
βββββββββββββββ
β Client β
β Encrypt β
ββββββββ¬βββββββ
β
ββββββββββββββββββββ
β β
ββββββββΌβββββββ ββββββββΌβββββββ
β Seal β β Walrus β
β Encrypt β β Upload β
ββββββββ¬βββββββ ββββββββ¬βββββββ
β β
ββββββββββ¬ββββββββββ
β
ββββββββββΌββββββββββ
β Create Attest. β
β On-Chain β
ββββββββββ¬ββββββββββ
β
ββββββββββΌββββββββββ
β Seal Key β
β Servers β
ββββββββββββββββββββDecryption Flow:
- Client creates SessionKey
- Client builds
seal_approvetransaction - Seal key servers verify on-chain policy
- Key servers return decryption keys
- Client decrypts data
- Client verifies hash
Security Architecture β
Access Control Layers β
- Contract Level: Move contracts enforce rules
- Object Ownership: Sui object ownership model
- Resolver Validation: Custom validation logic
- Seal Access Control: On-chain access policies
Data Integrity β
- On-Chain: Direct verification on blockchain
- Off-Chain: Blake2b-256 hash verification
- Encrypted: Hash of original data before encryption
Scalability β
Horizontal Scaling β
- Backend: Stateless API servers
- Database: Read replicas for queries
- Indexers: Multiple indexer instances
Vertical Scaling β
- Caching: Redis for frequently accessed data
- CDN: Static asset delivery
- Database Optimization: Indexing and query optimization
Future Architecture Improvements β
- Cross-Chain Bridge: Verify attestations across chains
- Distributed Storage: Multiple storage backends
- Layer 2 Support: Lower costs for high-volume use cases
- IPFS Integration: Additional decentralized storage option
Next: Contracts β