# Development Rules for Movement dApps

Strict rules to follow when developing dApps on the Movement blockchain.

## Move Smart Contract Rules

### 1. Always Read the Reference First
```
BEFORE generating any Move code, ALWAYS read:
docs/MOVE_LANGUAGE_REFERENCE.md
```

### 2. Resource Safety
- Never leave resources dangling
- Always use `move_to`, `move_from`, `borrow_global`, `borrow_global_mut` correctly
- Resources with `key` ability must be stored in global storage

### 3. Access Control
- Always validate signers on privileged functions
- Use `signer::address_of(account)` to get caller address
- Check ownership before modifying resources

### 4. Error Handling
- Define error constants at module top
- Use descriptive names: `E_NOT_AUTHORIZED`, `E_INSUFFICIENT_BALANCE`
- Use `assert!` with error codes

### 5. Events
- Emit events for ALL state changes
- Use `#[event]` attribute for event structs
- Include relevant data in events

### 6. Testing
- Write tests for every public function
- Test error conditions with `#[expected_failure]`
- Aim for >90% coverage

## TypeScript Backend Rules

### 1. Type Safety
- Use strict TypeScript (`strict: true`)
- No `any` types
- Define interfaces for all data structures

### 2. Movement SDK Usage
- Use `@aptos-labs/ts-sdk` for blockchain interaction
- Configure for Movement network endpoints
- Handle transaction errors properly

### 3. Error Handling
- Wrap all async operations in try-catch
- Return consistent error responses
- Log errors for debugging

### 4. Configuration
- Use environment variables for secrets
- Never hardcode private keys
- Use `.env` files with `.env.example` templates

## React Frontend Rules

### 1. Wallet Integration
- Use `@aptos-labs/wallet-adapter-react`
- Handle connection states properly
- Show clear feedback for transactions

### 2. State Management
- Use React hooks for local state
- Use context for global state (wallet, config)
- Avoid prop drilling

### 3. Error Handling
- Show user-friendly error messages
- Handle wallet disconnection gracefully
- Provide transaction status feedback

### 4. Security
- Never store private keys in frontend
- Validate all user inputs
- Use HTTPS for API calls

## Network Configuration

### Testnet
```typescript
const TESTNET_CONFIG = {
  fullnode: "https://full.testnet.movementinfra.xyz/v1",
  chainId: 250,
  faucet: "https://faucet.movementnetwork.xyz/",
  explorer: "https://explorer.movementnetwork.xyz/?network=testnet"
};
```

### Mainnet
```typescript
const MAINNET_CONFIG = {
  fullnode: "https://full.mainnet.movementinfra.xyz/v1",
  chainId: 126,
  explorer: "https://explorer.movementnetwork.xyz/?network=mainnet"
};
```

## Code Quality Standards

1. **Formatting**: Use consistent formatting (Prettier for TS, Move formatter for Move)
2. **Comments**: Document complex logic, public APIs, and non-obvious code
3. **Naming**: Use descriptive names, follow language conventions
4. **Testing**: Write tests before or alongside code
5. **Review**: Always run `/review` before deployment