ai-flow-dev 1.0.1

package/templates/frontend/specs/security.template.md

@@ -0,0 +1,197 @@
+# Security Specification
+
+> Frontend security requirements and best practices for {{PROJECT_NAME}}
+
+---
+
+## 🎯 Security Strategy
+
+**CSP:** {{CSP_ENABLED}}
+**XSS Prevention:** {{XSS_PREVENTION}}
+**Secure Storage:** {{SECURE_STORAGE}}
+**HTTPS:** {{HTTPS_ENFORCEMENT}}
+**Dependency Scanning:** {{DEPENDENCY_SCANNING}}
+
+---
+
+## 🛡️ Content Security Policy (CSP)
+
+### CSP Configuration
+
+```html
+<!-- index.html -->
+<meta http-equiv="Content-Security-Policy" content="
+  default-src 'self';
+  script-src 'self' 'unsafe-inline' https://cdn.example.com;
+  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
+  img-src 'self' data: https:;
+  font-src 'self' https://fonts.gstatic.com;
+  connect-src 'self' https://api.example.com;
+  frame-ancestors 'none';
+">
+```
+
+### Strict CSP (Recommended)
+
+```html
+<meta http-equiv="Content-Security-Policy" content="
+  default-src 'self';
+  script-src 'self';
+  style-src 'self';
+  img-src 'self' data: https:;
+  font-src 'self';
+  connect-src 'self' https://api.example.com;
+  base-uri 'self';
+  form-action 'self';
+  frame-ancestors 'none';
+  upgrade-insecure-requests;
+">
+```
+
+---
+
+## 🔒 XSS Prevention
+
+### Input Sanitization
+
+```typescript
+// utils/sanitize.ts
+import DOMPurify from 'dompurify';
+
+export function sanitizeHtml(html: string): string {
+  return DOMPurify.sanitize(html, {
+    ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'a', 'p', 'br'],
+    ALLOWED_ATTR: ['href'],
+  });
+}
+```
+
+### Safe HTML Rendering
+
+```typescript
+// React
+<div dangerouslySetInnerHTML={{ __html: sanitizeHtml(userContent) }} />
+
+// Vue
+<div v-html="sanitizeHtml(userContent)" />
+```
+
+### URL Validation
+
+```typescript
+// utils/validateUrl.ts
+export function isValidUrl(url: string): boolean {
+  try {
+    const parsed = new URL(url);
+    return ['http:', 'https:'].includes(parsed.protocol);
+  } catch {
+    return false;
+  }
+}
+```
+
+---
+
+## 🔐 Secure Storage
+
+### Token Storage Strategy
+
+**Option 1: httpOnly Cookies (Most Secure)**
+
+```typescript
+// Backend sets httpOnly cookie
+// Frontend doesn't access token directly
+// Token sent automatically with requests
+```
+
+**Option 2: Memory Storage**
+
+```typescript
+// utils/auth.ts
+let authToken: string | null = null;
+
+export function setToken(token: string): void {
+  authToken = token; // Stored in memory only
+}
+
+export function getToken(): string | null {
+  return authToken;
+}
+
+export function clearToken(): void {
+  authToken = null;
+}
+```
+
+**Option 3: localStorage (Less Secure)**
+
+```typescript
+// Only for non-sensitive data
+// Never store sensitive tokens in localStorage
+const PREFERENCE_KEY = 'user_preferences';
+
+export function savePreferences(prefs: UserPreferences): void {
+  localStorage.setItem(PREFERENCE_KEY, JSON.stringify(prefs));
+}
+```
+
+---
+
+## 🔒 HTTPS Enforcement
+
+### Redirect HTTP to HTTPS
+
+```typescript
+// Redirect in production
+if (location.protocol === 'http:' && location.hostname !== 'localhost') {
+  location.replace(`https:${location.href.substring(location.protocol.length)}`);
+}
+```
+
+### HSTS Headers (Server-side)
+
+```
+Strict-Transport-Security: max-age=31536000; includeSubDomains
+```
+
+---
+
+## 🔍 Dependency Security
+
+### Automated Scanning
+
+```bash
+# npm audit
+npm audit
+
+# Fix vulnerabilities
+npm audit fix
+
+# Snyk
+npx snyk test
+
+# Dependabot (GitHub)
+# Automatically creates PRs for security updates
+```
+
+### Security Checklist
+
+- [ ] Run `npm audit` regularly
+- [ ] Keep dependencies updated
+- [ ] Review security advisories
+- [ ] Use Dependabot or similar
+- [ ] Remove unused dependencies
+
+---
+
+## 🔗 Related Documents
+
+- [Configuration](configuration.md) - Environment security
+- [Error Handling](../docs/error-handling.md) - Security error handling
+
+---
+
+**Last Updated:** {{GENERATION_DATE}}
+
+**Security Level:** {{SECURITY_LEVEL}}
+

package/templates/fullstack/README.template.md

@@ -0,0 +1,282 @@
+# {{PROJECT_NAME}}
+
+> {{PROJECT_DESCRIPTION}}
+
+---
+
+## 📋 Overview
+
+{{PROBLEM_STATEMENT}}
+
+**Target Users:** {{TARGET_USERS_SUMMARY}}
+
+---
+
+## ✨ Features
+
+{{#EACH FEATURE}}
+
+- **{{FEATURE_NAME}}**: {{FEATURE_DESCRIPTION}}
+  {{/EACH}}
+
+---
+
+## 🏗️ Tech Stack
+
+### Backend
+
+- **Framework:** {{FRAMEWORK}} {{FRAMEWORK_VERSION}}
+- **Language:** {{LANGUAGE}} {{LANGUAGE_VERSION}}
+- **Database:** {{DATABASE}}
+- **Authentication:** {{AUTH_METHOD}}
+
+### Frontend
+
+- **UI Framework:** {{UI_FRAMEWORK}} {{UI_FRAMEWORK_VERSION}}
+- **Build Tool:** {{BUILD_TOOL}}
+- **Styling:** {{STYLING_APPROACH}}
+- **State Management:** {{STATE_MANAGEMENT}}
+- **Testing:** {{UNIT_TEST_FRAMEWORK}}, {{E2E_FRAMEWORK}}
+
+---
+
+## 🚀 Getting Started
+
+### Prerequisites
+
+{{#EACH PREREQUISITE}}
+
+- {{PREREQUISITE_NAME}} {{PREREQUISITE_VERSION}}
+  {{/EACH}}
+
+### Installation
+
+```bash
+# Clone repository
+git clone {{REPOSITORY_URL}}
+cd {{PROJECT_DIR}}
+
+# Install backend dependencies
+cd backend
+{{INSTALL_COMMAND}}
+
+# Copy environment variables
+cp .env.example .env
+
+# Setup database
+{{DB_SETUP_COMMAND}}
+
+# Run migrations
+{{MIGRATION_COMMAND}}
+
+# Install frontend dependencies
+cd ../frontend
+{{PACKAGE_MANAGER}} install
+
+# Copy frontend environment variables
+cp .env.example .env
+```
+
+### Development
+
+**Backend:**
+```bash
+cd backend
+{{DEV_COMMAND}}
+```
+
+The backend API will be available at `{{DEV_URL}}`
+
+**Frontend:**
+```bash
+cd frontend
+{{PACKAGE_MANAGER}} run dev
+```
+
+The frontend application will be available at `{{FRONTEND_DEV_URL}}`
+
+---
+
+## 🧪 Testing
+
+**Backend:**
+```bash
+cd backend
+# Run all tests
+{{TEST_COMMAND}}
+
+# Run with coverage
+{{COVERAGE_COMMAND}}
+```
+
+**Frontend:**
+```bash
+cd frontend
+# Run all tests
+{{PACKAGE_MANAGER}} run test
+
+# Run with coverage
+{{PACKAGE_MANAGER}} run test:coverage
+
+# Run E2E tests
+{{PACKAGE_MANAGER}} run test:e2e
+```
+
+---
+
+## 📦 Building
+
+**Backend:**
+```bash
+cd backend
+# Build for production
+{{BUILD_COMMAND}}
+
+# Start production server
+{{PROD_COMMAND}}
+```
+
+**Frontend:**
+```bash
+cd frontend
+# Build for production
+{{PACKAGE_MANAGER}} run build
+
+# Preview production build
+{{PACKAGE_MANAGER}} run preview
+```
+
+---
+
+## 🔧 Available Scripts
+
+**Backend:**
+```bash
+{{#EACH SCRIPT}}
+# {{SCRIPT_DESCRIPTION}}
+{{SCRIPT_COMMAND}}
+
+{{/EACH}}
+```
+
+**Frontend:**
+```bash
+- {{PACKAGE_MANAGER}} run dev - Start development server
+- {{PACKAGE_MANAGER}} run build - Build for production
+- {{PACKAGE_MANAGER}} run preview - Preview production build
+- {{PACKAGE_MANAGER}} run test - Run tests
+- {{PACKAGE_MANAGER}} run lint - Run linter
+- {{PACKAGE_MANAGER}} run format - Format code
+```
+
+---
+
+## 📁 Project Structure
+
+```
+{{PROJECT_STRUCTURE}}
+```
+
+---
+
+## 📚 Documentation
+
+### Backend Documentation
+
+- [Architecture](docs/architecture.md) - System architecture and design patterns
+- [Data Model](docs/data-model.md) - Database schema and relationships
+- [Business Flows](docs/business-flows.md) - Main business processes and flowcharts
+- [API Reference](docs/api.md) - Endpoints and conventions
+- [Code Standards](docs/code-standards.md) - Coding conventions and quality rules
+- [Testing](docs/testing.md) - Testing strategy and requirements
+- [Operations](docs/operations.md) - Deployment and operational procedures
+- [Security](specs/security.md) - Security policies and compliance
+- [Configuration](specs/configuration.md) - Environment configuration
+- [Contributing](docs/contributing.md) - How to contribute
+
+### Frontend Documentation
+
+- [Components](docs/components.md) - Component architecture
+- [State Management](docs/state-management.md) - State patterns
+- [Styling](docs/styling.md) - Styling guidelines
+- [Testing](docs/testing.md) - Testing strategy
+- [Accessibility](specs/accessibility.md) - A11y requirements
+
+### For AI Assistants
+
+- [AGENT.md](AGENT.md) - Universal AI configuration
+- [AI Instructions](ai-instructions.md) - AI development rules and workflow
+
+---
+
+## 🔐 Environment Variables
+
+See `.env.example` files in both `backend/` and `frontend/` directories for all required environment variables.
+
+**Backend Critical Variables:**
+{{#EACH CRITICAL_VAR}}
+
+- `{{VAR_NAME}}` - {{VAR_DESCRIPTION}}
+  {{/EACH}}
+
+**Frontend Critical Variables:**
+{{#EACH FRONTEND_CRITICAL_VAR}}
+
+- `{{VAR_NAME}}` - {{VAR_DESCRIPTION}}
+  {{/EACH}}
+
+---
+
+## 🚀 Deployment
+
+See [docs/operations.md](docs/operations.md) for deployment procedures.
+
+**Backend Platform:** {{DEPLOYMENT_PLATFORM}}
+
+**Frontend Platform:** {{FRONTEND_DEPLOYMENT_PLATFORM}}
+
+**Environments:**
+
+- Development: Backend `{{DEV_URL}}` | Frontend `{{FRONTEND_DEV_URL}}`
+- Staging: Backend `{{STAGING_URL}}` | Frontend `{{FRONTEND_STAGING_URL}}`
+- Production: Backend `{{PRODUCTION_URL}}` | Frontend `{{FRONTEND_PRODUCTION_URL}}`
+
+---
+
+## 🤝 Contributing
+
+See [docs/contributing.md](docs/contributing.md) for contribution guidelines.
+
+1. Fork the repository
+2. Create feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit changes (`git commit -m 'feat: add amazing feature'`)
+4. Push to branch (`git push origin feature/amazing-feature`)
+5. Open Pull Request
+
+---
+
+## 📝 License
+
+{{LICENSE}}
+
+---
+
+## 👥 Team
+
+{{#EACH TEAM_MEMBER}}
+
+- **{{MEMBER_NAME}}** - {{MEMBER_ROLE}}
+  {{/EACH}}
+
+---
+
+## 📞 Support
+
+{{#IF SUPPORT_EMAIL}}- Email: {{SUPPORT_EMAIL}}{{/IF}}
+{{#IF SUPPORT_SLACK}}- Slack: {{SUPPORT_SLACK}}{{/IF}}
+{{#IF ISSUE_TRACKER}}- Issues: {{ISSUE_TRACKER}}{{/IF}}
+
+---
+
+**Generated with** [AI Flow](https://github.com/victorvelazquez/ai-flow) 🚀
+