npm - @mytechtoday/augment-extensions - Versions diffs - 0.7.0 → 1.2.0 - Mend

@mytechtoday/augment-extensions 0.7.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (483) hide show

package/augment-extensions/domain-rules/security/rules/web-security.md CHANGED Viewed

@@ -1,268 +1,268 @@
-# Web Security
-Web-specific security vulnerabilities and mitigations.
-## Cross-Site Scripting (XSS)
-### Reflected XSS
-```typescript
-// Bad - Reflected XSS
-app.get('/search', (req, res) => {
-  res.send(`<h1>Results for: ${req.query.q}</h1>`);  // ❌ XSS vulnerability
-});
-// Good - Escape output
-import escapeHtml from 'escape-html';
-app.get('/search', (req, res) => {
-  res.send(`<h1>Results for: ${escapeHtml(req.query.q)}</h1>`);
-});
-// Better - Use template engine with auto-escaping
-app.get('/search', (req, res) => {
-  res.render('search', { query: req.query.q });  // Handlebars, EJS auto-escape
-});
-```
-### Stored XSS
-```typescript
-// Bad - Storing unsanitized HTML
-app.post('/comments', async (req, res) => {
-  await db.comments.create({
-    content: req.body.content  // ❌ Stores malicious script
-  });
-});
-// Good - Sanitize HTML
-import DOMPurify from 'isomorphic-dompurify';
-app.post('/comments', async (req, res) => {
-  const sanitized = DOMPurify.sanitize(req.body.content, {
-    ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'a'],
-    ALLOWED_ATTR: ['href']
-  });
-  await db.comments.create({ content: sanitized });
-});
-```
-### Content Security Policy (CSP)
-```typescript
-// Good - Strict CSP
-app.use((req, res, next) => {
-  res.setHeader(
-    'Content-Security-Policy',
-    [
-      "default-src 'self'",
-      "script-src 'self'",
-      "style-src 'self' 'unsafe-inline'",
-      "img-src 'self' data: https:",
-      "font-src 'self'",
-      "connect-src 'self'",
-      "frame-ancestors 'none'",
-      "base-uri 'self'",
-      "form-action 'self'"
-    ].join('; ')
-  );
-  next();
-});
-// Good - CSP with nonce for inline scripts
-const nonce = crypto.randomBytes(16).toString('base64');
-res.setHeader('Content-Security-Policy', `script-src 'nonce-${nonce}'`);
-res.render('page', { nonce });
-// In template:
-// <script nonce="{{nonce}}">...</script>
-```
-## Cross-Site Request Forgery (CSRF)
-```typescript
-import csrf from 'csurf';
-// Good - CSRF protection
-const csrfProtection = csrf({ cookie: true });
-app.get('/form', csrfProtection, (req, res) => {
-  res.render('form', { csrfToken: req.csrfToken() });
-});
-app.post('/form', csrfProtection, (req, res) => {
-  // CSRF token validated automatically
-});
-// In HTML form:
-// <input type="hidden" name="_csrf" value="{{csrfToken}}">
-// Good - SameSite cookies (additional protection)
-app.use(session({
-  cookie: {
-    sameSite: 'strict',  // or 'lax'
-    secure: true,
-    httpOnly: true
-  }
-}));
-```
-## Clickjacking
-```typescript
-// Good - X-Frame-Options header
-app.use((req, res, next) => {
-  res.setHeader('X-Frame-Options', 'DENY');
-  next();
-});
-// Good - CSP frame-ancestors
-app.use((req, res, next) => {
-  res.setHeader('Content-Security-Policy', "frame-ancestors 'none'");
-  next();
-});
-// Allow specific domains
-res.setHeader('Content-Security-Policy', "frame-ancestors 'self' https://trusted.com");
-```
-## CORS (Cross-Origin Resource Sharing)
-```typescript
-import cors from 'cors';
-// Bad - Allow all origins
-app.use(cors({ origin: '*' }));  // ❌ Too permissive
-// Good - Whitelist specific origins
-const allowedOrigins = ['https://example.com', 'https://app.example.com'];
-app.use(cors({
-  origin: (origin, callback) => {
-    if (!origin || allowedOrigins.includes(origin)) {
-      callback(null, true);
-    } else {
-      callback(new Error('Not allowed by CORS'));
-    }
-  },
-  credentials: true,  // Allow cookies
-  methods: ['GET', 'POST', 'PUT', 'DELETE'],
-  allowedHeaders: ['Content-Type', 'Authorization']
-}));
-```
-## Security Headers
-```typescript
-import helmet from 'helmet';
-// Good - Use helmet for security headers
-app.use(helmet());
-// Manual configuration
-app.use((req, res, next) => {
-  // Prevent MIME sniffing
-  res.setHeader('X-Content-Type-Options', 'nosniff');
-  // XSS protection (legacy browsers)
-  res.setHeader('X-XSS-Protection', '1; mode=block');
-  // Clickjacking protection
-  res.setHeader('X-Frame-Options', 'DENY');
-  // HTTPS enforcement
-  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
-  // Referrer policy
-  res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
-  // Permissions policy
-  res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
-  next();
-});
-```
-## Cookie Security
-```typescript
-// Good - Secure cookie configuration
-res.cookie('sessionId', sessionId, {
-  httpOnly: true,      // Prevent JavaScript access
-  secure: true,        // HTTPS only
-  sameSite: 'strict',  // CSRF protection
-  maxAge: 3600000,     // 1 hour
-  domain: '.example.com',
-  path: '/',
-  signed: true         // Sign cookie
-});
-// Bad - Insecure cookie
-res.cookie('sessionId', sessionId);  // ❌ No security flags
-```
-## Session Fixation Prevention
-```typescript
-// Good - Regenerate session on login
-app.post('/login', async (req, res) => {
-  const user = await authenticate(req.body.email, req.body.password);
-  if (user) {
-    // Regenerate session ID
-    req.session.regenerate((err) => {
-      if (err) {
-        return res.status(500).json({ error: 'Login failed' });
-      }
-      req.session.userId = user.id;
-      res.json({ success: true });
-    });
-  }
-});
-```
-## Open Redirect Prevention
-```typescript
-// Bad - Open redirect vulnerability
-app.get('/redirect', (req, res) => {
-  res.redirect(req.query.url);  // ❌ Redirects to any URL
-});
-// Good - Validate redirect URL
-const allowedRedirects = ['/dashboard', '/profile', '/settings'];
-app.get('/redirect', (req, res) => {
-  const url = req.query.url;
-  if (!allowedRedirects.includes(url)) {
-    return res.status(400).json({ error: 'Invalid redirect' });
-  }
-  res.redirect(url);
-});
-// Good - Validate external redirects
-const allowedDomains = ['example.com', 'app.example.com'];
-const url = new URL(req.query.url);
-if (!allowedDomains.includes(url.hostname)) {
-  return res.status(400).json({ error: 'Invalid redirect domain' });
-}
-```
-## Best Practices
-1. **Prevent XSS** - Sanitize HTML, use CSP
-2. **CSRF protection** - Use CSRF tokens, SameSite cookies
-3. **Prevent clickjacking** - X-Frame-Options, CSP frame-ancestors
-4. **Configure CORS** - Whitelist specific origins
-5. **Security headers** - Use helmet middleware
-6. **Secure cookies** - httpOnly, secure, sameSite
-7. **Regenerate sessions** - On login/privilege change
-8. **Validate redirects** - Whitelist allowed URLs
-9. **Content-Type** - Set correct Content-Type headers
-10. **HTTPS only** - Enforce HTTPS with HSTS
+# Web Security
+Web-specific security vulnerabilities and mitigations.
+## Cross-Site Scripting (XSS)
+### Reflected XSS
+```typescript
+// Bad - Reflected XSS
+app.get('/search', (req, res) => {
+  res.send(`<h1>Results for: ${req.query.q}</h1>`);  // ❌ XSS vulnerability
+});
+// Good - Escape output
+import escapeHtml from 'escape-html';
+app.get('/search', (req, res) => {
+  res.send(`<h1>Results for: ${escapeHtml(req.query.q)}</h1>`);
+});
+// Better - Use template engine with auto-escaping
+app.get('/search', (req, res) => {
+  res.render('search', { query: req.query.q });  // Handlebars, EJS auto-escape
+});
+```
+### Stored XSS
+```typescript
+// Bad - Storing unsanitized HTML
+app.post('/comments', async (req, res) => {
+  await db.comments.create({
+    content: req.body.content  // ❌ Stores malicious script
+  });
+});
+// Good - Sanitize HTML
+import DOMPurify from 'isomorphic-dompurify';
+app.post('/comments', async (req, res) => {
+  const sanitized = DOMPurify.sanitize(req.body.content, {
+    ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'a'],
+    ALLOWED_ATTR: ['href']
+  });
+  await db.comments.create({ content: sanitized });
+});
+```
+### Content Security Policy (CSP)
+```typescript
+// Good - Strict CSP
+app.use((req, res, next) => {
+  res.setHeader(
+    'Content-Security-Policy',
+    [
+      "default-src 'self'",
+      "script-src 'self'",
+      "style-src 'self' 'unsafe-inline'",
+      "img-src 'self' data: https:",
+      "font-src 'self'",
+      "connect-src 'self'",
+      "frame-ancestors 'none'",
+      "base-uri 'self'",
+      "form-action 'self'"
+    ].join('; ')
+  );
+  next();
+});
+// Good - CSP with nonce for inline scripts
+const nonce = crypto.randomBytes(16).toString('base64');
+res.setHeader('Content-Security-Policy', `script-src 'nonce-${nonce}'`);
+res.render('page', { nonce });
+// In template:
+// <script nonce="{{nonce}}">...</script>
+```
+## Cross-Site Request Forgery (CSRF)
+```typescript
+import csrf from 'csurf';
+// Good - CSRF protection
+const csrfProtection = csrf({ cookie: true });
+app.get('/form', csrfProtection, (req, res) => {
+  res.render('form', { csrfToken: req.csrfToken() });
+});
+app.post('/form', csrfProtection, (req, res) => {
+  // CSRF token validated automatically
+});
+// In HTML form:
+// <input type="hidden" name="_csrf" value="{{csrfToken}}">
+// Good - SameSite cookies (additional protection)
+app.use(session({
+  cookie: {
+    sameSite: 'strict',  // or 'lax'
+    secure: true,
+    httpOnly: true
+  }
+}));
+```
+## Clickjacking
+```typescript
+// Good - X-Frame-Options header
+app.use((req, res, next) => {
+  res.setHeader('X-Frame-Options', 'DENY');
+  next();
+});
+// Good - CSP frame-ancestors
+app.use((req, res, next) => {
+  res.setHeader('Content-Security-Policy', "frame-ancestors 'none'");
+  next();
+});
+// Allow specific domains
+res.setHeader('Content-Security-Policy', "frame-ancestors 'self' https://trusted.com");
+```
+## CORS (Cross-Origin Resource Sharing)
+```typescript
+import cors from 'cors';
+// Bad - Allow all origins
+app.use(cors({ origin: '*' }));  // ❌ Too permissive
+// Good - Whitelist specific origins
+const allowedOrigins = ['https://example.com', 'https://app.example.com'];
+app.use(cors({
+  origin: (origin, callback) => {
+    if (!origin || allowedOrigins.includes(origin)) {
+      callback(null, true);
+    } else {
+      callback(new Error('Not allowed by CORS'));
+    }
+  },
+  credentials: true,  // Allow cookies
+  methods: ['GET', 'POST', 'PUT', 'DELETE'],
+  allowedHeaders: ['Content-Type', 'Authorization']
+}));
+```
+## Security Headers
+```typescript
+import helmet from 'helmet';
+// Good - Use helmet for security headers
+app.use(helmet());
+// Manual configuration
+app.use((req, res, next) => {
+  // Prevent MIME sniffing
+  res.setHeader('X-Content-Type-Options', 'nosniff');
+  // XSS protection (legacy browsers)
+  res.setHeader('X-XSS-Protection', '1; mode=block');
+  // Clickjacking protection
+  res.setHeader('X-Frame-Options', 'DENY');
+  // HTTPS enforcement
+  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
+  // Referrer policy
+  res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+  // Permissions policy
+  res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
+  next();
+});
+```
+## Cookie Security
+```typescript
+// Good - Secure cookie configuration
+res.cookie('sessionId', sessionId, {
+  httpOnly: true,      // Prevent JavaScript access
+  secure: true,        // HTTPS only
+  sameSite: 'strict',  // CSRF protection
+  maxAge: 3600000,     // 1 hour
+  domain: '.example.com',
+  path: '/',
+  signed: true         // Sign cookie
+});
+// Bad - Insecure cookie
+res.cookie('sessionId', sessionId);  // ❌ No security flags
+```
+## Session Fixation Prevention
+```typescript
+// Good - Regenerate session on login
+app.post('/login', async (req, res) => {
+  const user = await authenticate(req.body.email, req.body.password);
+  if (user) {
+    // Regenerate session ID
+    req.session.regenerate((err) => {
+      if (err) {
+        return res.status(500).json({ error: 'Login failed' });
+      }
+      req.session.userId = user.id;
+      res.json({ success: true });
+    });
+  }
+});
+```
+## Open Redirect Prevention
+```typescript
+// Bad - Open redirect vulnerability
+app.get('/redirect', (req, res) => {
+  res.redirect(req.query.url);  // ❌ Redirects to any URL
+});
+// Good - Validate redirect URL
+const allowedRedirects = ['/dashboard', '/profile', '/settings'];
+app.get('/redirect', (req, res) => {
+  const url = req.query.url;
+  if (!allowedRedirects.includes(url)) {
+    return res.status(400).json({ error: 'Invalid redirect' });
+  }
+  res.redirect(url);
+});
+// Good - Validate external redirects
+const allowedDomains = ['example.com', 'app.example.com'];
+const url = new URL(req.query.url);
+if (!allowedDomains.includes(url.hostname)) {
+  return res.status(400).json({ error: 'Invalid redirect domain' });
+}
+```
+## Best Practices
+1. **Prevent XSS** - Sanitize HTML, use CSP
+2. **CSRF protection** - Use CSRF tokens, SameSite cookies
+3. **Prevent clickjacking** - X-Frame-Options, CSP frame-ancestors
+4. **Configure CORS** - Whitelist specific origins
+5. **Security headers** - Use helmet middleware
+6. **Secure cookies** - httpOnly, secure, sameSite
+7. **Regenerate sessions** - On login/privilege change
+8. **Validate redirects** - Whitelist allowed URLs
+9. **Content-Type** - Set correct Content-Type headers
+10. **HTTPS only** - Enforce HTTPS with HSTS

package/augment-extensions/domain-rules/seo-sales-marketing/ANNOUNCEMENT.md ADDED Viewed

@@ -0,0 +1,143 @@
+# 🎉 SEO, Sales, and Marketing Content Standards Module - Now Available!
+## Release Date
+February 1, 2026
+## Overview
+We're excited to announce the release of the **SEO, Sales, and Marketing Content Standards** module for Augment Extensions! This comprehensive module provides AI-driven content creation standards for all your marketing needs.
+## What's Included
+### 📚 12 Comprehensive Rule Files
+- **Universal Marketing Standards** - Audience targeting, messaging frameworks, metrics
+- **Brand Consistency** - Voice, colors, logos, typography
+- **Asset Management** - Programmatic handling of marketing assets
+- **Legal Compliance** - FTC, CAN-SPAM, GDPR, WCAG compliance
+- **Conversion Optimization** - CTAs, A/B testing, funnel optimization
+- **SEO Optimization** - Keyword research, on-page SEO, technical SEO, schema markup
+- **Content Marketing** - Blog posts, long-form content, case studies, storytelling
+- **Social Media Marketing** - Platform-specific strategies, engagement, influencer marketing
+- **Email Marketing** - Campaigns, automation, segmentation, deliverability
+- **PPC Advertising** - Google Ads, Facebook Ads, bidding strategies, ad copy
+- **Affiliate & Influencer Marketing** - Partnerships, tracking, compliance
+- **Direct Sales** - Sales copy, objection handling, closing techniques
+### 📝 8 Complete Examples
+- SEO Blog Post
+- Social Media Campaign
+- Email Newsletter
+- Landing Page
+- PPC Ad Copy
+- Brand Kit (YAML)
+- Campaign Brief (YAML)
+- Content Calendar (YAML)
+### 🔧 5 JSON Schemas for Validation
+- Brand Kit Schema
+- Color Palette Schema
+- Campaign Brief Schema
+- Content Template Schema
+- Asset Inventory Schema
+### 📖 Documentation
+- **README.md** - Module overview and quick start
+- **USAGE-GUIDES.md** - 5 scenario-based usage guides
+- **TEST-VALIDATION.md** - Comprehensive validation report
+## Key Benefits
+✅ **Consistent Brand Voice** - Maintain brand consistency across all marketing channels
+✅ **SEO Optimization** - Follow best practices for search engine visibility
+✅ **Legal Compliance** - Ensure FTC, CAN-SPAM, GDPR, and WCAG compliance
+✅ **Conversion Optimization** - Implement proven CTA and funnel optimization techniques
+✅ **Multi-Channel Support** - Guidelines for blogs, social media, email, PPC, and more
+✅ **Programmatic Asset Management** - Structured handling of colors, logos, fonts, and media
+## Installation
+### With CLI (Recommended)
+```bash
+augx link domain-rules/seo-sales-marketing
+```
+### Manual Installation
+Copy the contents of this module to your project's `.augment/` folder.
+## Quick Start
+### Example 1: Create an SEO-Optimized Blog Post
+```
+Using the SEO optimization rules, create a blog post about [TOPIC].
+Requirements:
+- Focus keyword: [KEYWORD]
+- Target audience: [AUDIENCE]
+- Word count: 1500-2000 words
+- Include: title tag, meta description, H1/H2 structure, internal links, external links, schema markup
+```
+### Example 2: Launch a Social Media Campaign
+```
+Using the social media marketing rules, create a campaign for [PRODUCT/SERVICE].
+Requirements:
+- Platforms: Facebook, Instagram, Twitter, LinkedIn
+- Duration: [TIMEFRAME]
+- Goal: [AWARENESS/ENGAGEMENT/CONVERSIONS]
+- Include: post copy, hashtags, visual guidelines, posting schedule
+```
+### Example 3: Build a Brand Kit
+```
+Using the brand consistency rules and brand-kit schema, create a brand kit for [COMPANY].
+Requirements:
+- Brand voice: [VOICE ATTRIBUTES]
+- Primary colors: [COLORS]
+- Typography: [FONTS]
+- Logo variations: [VARIATIONS]
+- Include: YAML file following brand-kit.schema.json
+```
+## Module Stats
+- **Version**: 1.0.0
+- **Character Count**: ~288,256 characters
+- **Module Type**: domain-rules
+- **Priority**: high
+## Documentation
+- **Module Catalog**: See MODULES.md for complete entry
+- **Usage Guides**: See USAGE-GUIDES.md for 5 detailed scenario guides
+- **Validation Report**: See TEST-VALIDATION.md for module effectiveness assessment
+## What's Next
+Future enhancements planned for v1.1.0:
+- Video marketing rules (YouTube, TikTok, video ads)
+- Analytics integration guidelines
+- Marketing automation workflows
+- Localization and international marketing
+## Feedback
+We'd love to hear your feedback! If you have suggestions or encounter issues, please:
+1. Review the documentation in the module directory
+2. Check TEST-VALIDATION.md for known limitations
+3. Submit feedback through your project's issue tracker
+## License
+MIT
+---
+**Happy Marketing! 🚀**