backend-manager 5.0.203 → 5.1.0

package/src/manager/routes/admin/post/deduplicate-image-alts.js

@@ -0,0 +1,52 @@
+/**
+ * Deduplicate alt-text across DIFFERENT image URLs.
+ *
+ * Image filenames in the admin/post route are derived from the markdown image's
+ * alt-text. Two images sharing alt-text would otherwise produce the same filename
+ * and overwrite each other on upload, causing the second image to "disappear"
+ * (both `@post/` references in the body resolve to the same file).
+ *
+ * Strategy: when a non-header image's alt collides with an earlier image's alt
+ * AND its URL is different, suffix the alt with ` (N)` (where N is the
+ * occurrence count). Same URL keeps its original alt — repeated embeds of the
+ * exact same image are not a collision and should resolve to the same file.
+ *
+ * @param {Array<{src: string, alt: string, header?: boolean}>} images — image
+ *   entries extracted from the body (plus optional header). Mutated in place:
+ *   `image.alt` is rewritten when a collision is detected.
+ * @param {string} body — markdown body string. Returned with any
+ *   `![oldAlt](src)` rewritten to `![newAlt](src)` for collisions.
+ * @returns {{images: Array, body: string}} mutated images array and rewritten body.
+ */
+module.exports = function deduplicateImageAlts(images, body) {
+  const seenAltByUrl = new Map();
+  const altCountByAlt = new Map();
+  let rewrittenBody = body;
+
+  for (const image of images) {
+    if (image.header) {
+      continue;
+    }
+
+    const existingForUrl = seenAltByUrl.get(image.src);
+    if (existingForUrl) {
+      // Same URL appeared earlier — reuse its (possibly already-suffixed) alt.
+      // Repeated embeds of the same image should resolve to the same upload.
+      image.alt = existingForUrl;
+      continue;
+    }
+
+    const count = (altCountByAlt.get(image.alt) || 0) + 1;
+    altCountByAlt.set(image.alt, count);
+
+    if (count > 1) {
+      const newAlt = `${image.alt} (${count})`;
+      rewrittenBody = rewrittenBody.split(`![${image.alt}](${image.src})`).join(`![${newAlt}](${image.src})`);
+      image.alt = newAlt;
+    }
+
+    seenAltByUrl.set(image.src, image.alt);
+  }
+
+  return { images, body: rewrittenBody };
+};

package/src/manager/routes/admin/post/post.js

@@ -11,6 +11,8 @@ const path = require('path');
 const { Octokit } = require('@octokit/rest');
 const { get, set } = require('lodash');
 
+const deduplicateImageAlts = require('./deduplicate-image-alts');
+
 const POST_TEMPLATE = jetpack.read(`${__dirname}/templates/post.html`);
 const IMAGE_PATH_SRC = `src/assets/images/blog/post-{id}/`;
 const IMAGE_REGEX = /(?:!\[(.*?)\]\((.*?)\))/img;
@@ -63,14 +65,8 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
     return assistant.respond('Missing required parameter: body', { code: 400 });
   }
 
-  // Fix URL
-  settings.url = settings.url
-    .replace(/blog\//ig, '')
-    .replace(/^\/|\/$/g, '')
-    .replace(/[^a-zA-Z0-9]/g, '-')
-    .replace(/-+/g, '-')
-    .replace(/^-+|-+$/g, '')
-    .toLowerCase();
+  // Fix URL — strip blog/ prefix then slugify (slugify handles slashes/special chars)
+  settings.url = Manager.Utilities().slugify(settings.url.replace(/blog\//ig, ''));
 
   // Fix body
   settings.body = settings.body
@@ -159,6 +155,11 @@ async function downloadImages(assistant, settings) {
     header: true,
   });
 
+  // Deduplicate alt-text across different image URLs (mutates images in place,
+  // returns rewritten body). See deduplicate-image-alts.js for full rationale.
+  const dedup = deduplicateImageAlts(images, settings.body);
+  settings.body = dedup.body;
+
   assistant.log('downloadImages(): images', images);
 
   if (!images.length) {
@@ -199,7 +200,7 @@ async function downloadImages(assistant, settings) {
 // Helper: Download image
 async function downloadImage(assistant, src, alt) {
   const fetch = assistant.Manager.require('wonderful-fetch');
-  const hyphenated = hyphenate(alt);
+  const hyphenated = assistant.Manager.Utilities().slugify(alt);
 
   assistant.log(`downloadImage(): src=${src}, alt=${alt}, hyphenated=${hyphenated}`);
 
@@ -325,11 +326,3 @@ function formatClone(payload) {
   return payload;
 }
 
-// Helper: Hyphenate string
-function hyphenate(s) {
-  return s
-    .replace(/[^a-zA-Z0-9]/g, '-')
-    .replace(/-+/g, '-')
-    .replace(/^-|-$/g, '')
-    .toLowerCase();
-}

package/templates/_.env

@@ -3,6 +3,7 @@
 BACKEND_MANAGER_KEY=""
 BACKEND_MANAGER_NAMESPACE=""
 BACKEND_MANAGER_OPENAI_API_KEY=""
+BACKEND_MANAGER_ANTHROPIC_API_KEY=""
 
 # GitHub
 GITHUB_TOKEN=""
@@ -10,6 +11,9 @@ GITHUB_TOKEN=""
 # OpenAI
 OPENAI_API_KEY=""
 
+# Anthropic
+ANTHROPIC_API_KEY=""
+
 # Payment Processors
 PAYPAL_CLIENT_SECRET=""
 STRIPE_SECRET_KEY=""

package/templates/_.gitignore

@@ -48,6 +48,7 @@ node_modules/
 .runtimeconfig.json
 service-account*.json
 bem-reload-trigger.js
+.temp/
 _legacy
 
 # ========== Custom Values ==========

package/templates/backend-manager-config.json

@@ -7,6 +7,18 @@
     contact: {
       email: 'support@example.com',
     },
+    // Physical postal address — required by CAN-SPAM in commercial email footers.
+    // Rendered in the newsletter footer + transactional email footers.
+    // Structured so the renderer can format it consistently across locales
+    // and break onto multiple lines if needed. line2/region/postalCode are optional.
+    address: {
+      line1: '123 Main St',
+      line2: 'Suite 100',
+      city: 'City',
+      region: 'ST',
+      postalCode: '12345',
+      country: 'United States',
+    },
     images: {
       wordmark: 'https://example.com/wordmark.png',
       brandmark: 'https://example.com/wordmark.png',
@@ -17,6 +29,7 @@
     user: 'username',
     repo_website: 'https://github.com/username/backend-manager',
   },
+  parent: '',  // URL of the parent BEM instance (e.g., 'https://api.itwcreativeworks.com') — used by newsletter generator to pull sources
   sentry: {
     dsn: 'https://d965557418748jd749d837asf00552f@o777489.ingest.sentry.io/8789941',
   },
@@ -129,14 +142,45 @@
     beehiiv: {
       enabled: false,
       // publicationId: 'pub_xxxxx',  // Set to skip fuzzy-match API call
+      // Content pipeline. Lives under the provider that publishes the result —
+      // Beehiiv for newsletters, eventually SendGrid for promo blasts. The
+      // shape is the same regardless of provider: sources, tone, template,
+      // theme, sponsorships. `beehiiv.enabled: false` above disables it all.
+      content: {
+        categories: [],  // e.g., ['social-media', 'marketing'] — content categories to pull from parent server
+        // AI-customization fields below are all optional with sensible defaults
+        instructions: '',  // free-form text passed to the AI ("focus on X", "avoid Y", brand voice notes)
+        tone: 'professional',  // 'professional', 'casual', 'actionable', 'witty', etc. — passed to AI prompt
+        template: 'clean',   // 'clean' | 'editorial' | 'field-report' — layout template (each owns its own content shape and aesthetic)
+        theme: {
+          primaryColor: '#5B5BFF',   // accent color: buttons, links, brand text
+          secondaryColor: '#1E1E2A', // body text color
+          accentColor: '#F6F7FB',    // page background outside the 600px body
+          font: 'Inter, system-ui, sans-serif',
+        },
+        // AI provider defaults are hard-coded in the library (openai for structure,
+        // anthropic for SVG — each chosen for what each model does best). Override
+        // per-run only via env: NEWSLETTER_PROVIDER_STRUCTURE / NEWSLETTER_PROVIDER_SVG.
+        // Brand-owned sponsorship/promo slots — rendered as "sponsored" blocks inline
+        // with the newsletter. Use for promoting your own products, affiliate offers,
+        // or paid placements. Each entry can be positioned at 'top', 'middle', or 'end'.
+        // Per-campaign overrides via settings.sponsorships on a marketing-campaigns doc.
+        sponsorships: [
+          // {
+          //   label:       'Sponsored',                 // optional eyebrow label (defaults to "Sponsored")
+          //   headline:    'Grow your audience faster', // bold headline
+          //   body:        'Short pitch text…',         // 1-2 sentence body
+          //   url:         'https://somiibo.com/promo', // click destination
+          //   image:       'https://...png',            // optional image URL
+          //   ctaLabel:    'Try Somiibo',               // button text (default: "Learn more")
+          //   position:    'middle',                    // 'top' | 'middle' | 'end' (default: 'middle')
+          // },
+        ],
+      },
     },
     prune: {
       enabled: true,
     },
-    newsletter: {
-      enabled: false,
-      categories: [],  // e.g., ['social-media', 'marketing'] — content categories to pull from parent server
-    },
   },
   firebaseConfig: {
     apiKey: '123-456',

package/test/helpers/slugify.js

@@ -0,0 +1,394 @@
+/**
+ * Test: helpers/utilities.slugify()
+ * Unit tests for the canonical URL slug builder.
+ *
+ * Run: npx mgr test helpers/slugify
+ *
+ * slugify is the SSOT used by:
+ *   - BEM admin/post (legacy + modern) for URL + image filenames
+ *   - Sponsorship platform validator.buildFormatted()
+ *
+ * Contract:
+ *   - Strip all non-alphanumeric characters → replace with `-`
+ *   - Collapse runs of `-` into a single `-`
+ *   - Trim leading/trailing `-`
+ *   - Lowercase the result
+ *   - Non-string input → empty string
+ */
+const Utilities = require('../../src/manager/helpers/utilities.js');
+
+const Manager = { libraries: {} };
+const utilities = new Utilities(Manager);
+
+module.exports = {
+  description: 'Utilities.slugify()',
+  type: 'group',
+
+  tests: [
+    // ─── Basic happy path ───
+
+    {
+      name: 'lowercases-simple-string',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Hello World'), 'hello-world');
+      },
+    },
+
+    {
+      name: 'preserves-numbers',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Top 10 Products 2025'), 'top-10-products-2025');
+      },
+    },
+
+    {
+      name: 'already-a-slug-passes-through',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('already-a-slug'), 'already-a-slug');
+      },
+    },
+
+    {
+      name: 'single-word-unchanged',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('hello'), 'hello');
+      },
+    },
+
+    // ─── The bug that drove this: collapse runs of `-` ───
+
+    {
+      name: 'collapses-double-dashes-from-literal-hyphen-space',
+      async run({ assert }) {
+        // The real-world example: "Copy- Paste" produced "copy--paste" before the fix
+        assert.equal(
+          utilities.slugify('AI Study Prompts That Work: Copy- Paste Questions for Every Subject'),
+          'ai-study-prompts-that-work-copy-paste-questions-for-every-subject',
+        );
+      },
+    },
+
+    {
+      name: 'collapses-many-consecutive-dashes',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('foo---bar'), 'foo-bar');
+        assert.equal(utilities.slugify('foo-----bar'), 'foo-bar');
+      },
+    },
+
+    {
+      name: 'collapses-mixed-runs-of-special-chars',
+      async run({ assert }) {
+        // " / - / " → multiple non-alphanum → all become one `-`
+        assert.equal(utilities.slugify('foo / - / bar'), 'foo-bar');
+      },
+    },
+
+    // ─── Leading/trailing trim ───
+
+    {
+      name: 'strips-leading-and-trailing-spaces',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('  hello world  '), 'hello-world');
+      },
+    },
+
+    {
+      name: 'strips-leading-and-trailing-dashes',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('---hello---'), 'hello');
+      },
+    },
+
+    {
+      name: 'strips-leading-slash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('/foo/bar'), 'foo-bar');
+      },
+    },
+
+    {
+      name: 'strips-trailing-slash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('foo/bar/'), 'foo-bar');
+      },
+    },
+
+    {
+      name: 'strips-both-slashes',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('/foo/bar/'), 'foo-bar');
+      },
+    },
+
+    // ─── Punctuation ───
+
+    {
+      name: 'colon-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Title: Subtitle'), 'title-subtitle');
+      },
+    },
+
+    {
+      name: 'comma-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('one, two, three'), 'one-two-three');
+      },
+    },
+
+    {
+      name: 'question-mark-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('What is AI?'), 'what-is-ai');
+      },
+    },
+
+    {
+      name: 'exclamation-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Hello World!'), 'hello-world');
+      },
+    },
+
+    {
+      name: 'period-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('v1.2.3'), 'v1-2-3');
+      },
+    },
+
+    {
+      name: 'apostrophe-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify("don't stop"), 'don-t-stop');
+      },
+    },
+
+    {
+      name: 'quotes-become-dashes',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('"Hello" said the dog'), 'hello-said-the-dog');
+      },
+    },
+
+    {
+      name: 'parens-become-dashes',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Function (advanced)'), 'function-advanced');
+      },
+    },
+
+    {
+      name: 'brackets-become-dashes',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Array[0] access'), 'array-0-access');
+      },
+    },
+
+    {
+      name: 'ampersand-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Salt & Pepper'), 'salt-pepper');
+      },
+    },
+
+    {
+      name: 'hash-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('issue #42'), 'issue-42');
+      },
+    },
+
+    {
+      name: 'at-sign-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('user@example.com'), 'user-example-com');
+      },
+    },
+
+    // ─── Unicode / non-ASCII ───
+
+    {
+      name: 'em-dash-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Title — Subtitle'), 'title-subtitle');
+      },
+    },
+
+    {
+      name: 'curly-quotes-become-dashes',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('“Hello”'), 'hello');
+      },
+    },
+
+    {
+      name: 'emoji-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('Rocket 🚀 launch'), 'rocket-launch');
+      },
+    },
+
+    {
+      name: 'accented-chars-become-dashes',
+      async run({ assert }) {
+        // Slugify is ASCII-only by design — accents get stripped to dashes
+        // (Future improvement could be to transliterate, but current behavior is documented here)
+        assert.equal(utilities.slugify('café'), 'caf');
+      },
+    },
+
+    // ─── Whitespace variants ───
+
+    {
+      name: 'tab-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('foo\tbar'), 'foo-bar');
+      },
+    },
+
+    {
+      name: 'newline-becomes-dash',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('foo\nbar'), 'foo-bar');
+      },
+    },
+
+    {
+      name: 'multiple-spaces-collapse',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('foo    bar'), 'foo-bar');
+      },
+    },
+
+    {
+      name: 'mixed-whitespace-collapses',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('foo \t \n bar'), 'foo-bar');
+      },
+    },
+
+    // ─── Edge cases / non-string input ───
+
+    {
+      name: 'empty-string-returns-empty',
+      async run({ assert }) {
+        assert.equal(utilities.slugify(''), '');
+      },
+    },
+
+    {
+      name: 'all-punctuation-returns-empty',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('!@#$%^&*()'), '');
+      },
+    },
+
+    {
+      name: 'only-dashes-returns-empty',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('-----'), '');
+      },
+    },
+
+    {
+      name: 'only-whitespace-returns-empty',
+      async run({ assert }) {
+        assert.equal(utilities.slugify('   '), '');
+      },
+    },
+
+    {
+      name: 'null-returns-empty-string',
+      async run({ assert }) {
+        assert.equal(utilities.slugify(null), '');
+      },
+    },
+
+    {
+      name: 'undefined-returns-empty-string',
+      async run({ assert }) {
+        assert.equal(utilities.slugify(undefined), '');
+      },
+    },
+
+    {
+      name: 'number-returns-empty-string',
+      async run({ assert }) {
+        // Non-string input → empty string (caller is responsible for stringifying)
+        assert.equal(utilities.slugify(42), '');
+      },
+    },
+
+    {
+      name: 'object-returns-empty-string',
+      async run({ assert }) {
+        assert.equal(utilities.slugify({ foo: 'bar' }), '');
+      },
+    },
+
+    {
+      name: 'array-returns-empty-string',
+      async run({ assert }) {
+        assert.equal(utilities.slugify(['hello']), '');
+      },
+    },
+
+    // ─── Real-world examples ───
+
+    {
+      name: 'real-blog-post-title',
+      async run({ assert }) {
+        assert.equal(
+          utilities.slugify('10 Best Productivity Apps for Students in 2025'),
+          '10-best-productivity-apps-for-students-in-2025',
+        );
+      },
+    },
+
+    {
+      name: 'real-blog-post-with-colon-and-slash',
+      async run({ assert }) {
+        assert.equal(
+          utilities.slugify('Beginner\'s Guide: Python vs JavaScript'),
+          'beginner-s-guide-python-vs-javascript',
+        );
+      },
+    },
+
+    {
+      name: 'real-image-alt-text',
+      async run({ assert }) {
+        // The downloadImage() caller uses slugify(alt) to build a tmp filename
+        assert.equal(
+          utilities.slugify('Diagram showing the user flow (v2)'),
+          'diagram-showing-the-user-flow-v2',
+        );
+      },
+    },
+
+    {
+      name: 'real-url-with-blog-prefix-removed-first',
+      async run({ assert }) {
+        // Mimics how callers strip "blog/" before slugifying
+        const url = 'blog/some-existing-post';
+        assert.equal(
+          utilities.slugify(url.replace(/blog\//ig, '')),
+          'some-existing-post',
+        );
+      },
+    },
+
+    // ─── Idempotency ───
+
+    {
+      name: 'idempotent-double-slugify',
+      async run({ assert }) {
+        const once = utilities.slugify('Hello World: Foo & Bar!');
+        const twice = utilities.slugify(once);
+        assert.equal(twice, once, 'Applying slugify twice should equal applying it once');
+      },
+    },
+  ],
+};

package/test/marketing/fixtures/clean.json

@@ -0,0 +1,31 @@
+{
+  "_comment": "Predefined fixture for the `clean` template. Loaded via NEWSLETTER_FIXTURE=clean. Edit freely — no AI involved. Classic content shape: intro + sections[{title, body, cta, image_prompt}].",
+  "subject": "Identity is the new growth lever",
+  "preheader": "Three platform shifts to lock in this week.",
+  "intro": "Identity matters because trust is the new growth lever. Teams that handle this well will spend less time cleaning up later.",
+  "sections": [
+    {
+      "title": "LinkedIn ships verified-profile gates for business accounts",
+      "body": "LinkedIn now requires verified identity attestations on any business profile claiming more than 500 followers. Accounts with documented attribution histories sail through verification in under twelve hours. The practical implication is to lock down your attribution log this week, not next.",
+      "cta": { "label": "Read the brief", "url": "https://somiibo.com/blog/linkedin-verification" },
+      "image_prompt": "Abstract geometric illustration of a verification checkmark inside a layered profile card."
+    },
+    {
+      "title": "Documentation is the new operator moat",
+      "body": "Operator playbooks are now the difference between an account that recovers from a flag and one that gets permanently restricted. Teams running documented processes recover in days. The ones without burn weeks negotiating with support queues.",
+      "cta": { "label": "See the playbook", "url": "https://somiibo.com/blog/operator-playbook" },
+      "image_prompt": "Stack of geometric document layers casting clean shadows on a flat surface."
+    },
+    {
+      "title": "YouTube tests creator-attribution metadata on uploads",
+      "body": "A subset of channels saw a new upload checkbox this week asking whether content was assisted by automation. The checkbox is optional today. Reading the room: it will not stay optional. Creators with clear internal workflows will adapt in an afternoon.",
+      "cta": null,
+      "image_prompt": "Minimalist play button morphing into a label tag, flat geometric style."
+    }
+  ],
+  "signoff": "Best,\nThe Somiibo Team",
+  "citations": [
+    { "note": "LinkedIn flagged 12,000 impersonation attempts in the verified-profile beta.", "source": "Reported by LinkedIn product team, May 2026" },
+    { "note": "Operator playbook adoption up 38% week-over-week in Q2.", "source": "Per platform analytics, May 2026" }
+  ]
+}

package/test/marketing/fixtures/editorial.json

@@ -0,0 +1,31 @@
+{
+  "_comment": "Predefined fixture for the `editorial` template. Loaded via NEWSLETTER_FIXTURE=editorial. Same classic content shape as clean.json — both templates render the same data.",
+  "subject": "Identity is the new growth lever",
+  "preheader": "Three platform shifts to lock in this week.",
+  "intro": "Identity matters because trust is the new growth lever. Teams that handle this well will spend less time cleaning up later, and the patterns emerging this week tell you exactly where to focus.",
+  "sections": [
+    {
+      "title": "LinkedIn ships verified-profile gates for business accounts",
+      "body": "LinkedIn now requires verified identity attestations on any business profile claiming more than 500 followers. The rollout is fast and uneven — some accounts hit the gate inside two days of profile activity, others sit unchallenged for weeks. The pattern that matters is this: accounts with documented attribution histories sail through verification in under twelve hours. Accounts without get queued. The practical implication is to lock down your attribution log this week, not next.",
+      "cta": { "label": "Read the brief", "url": "https://somiibo.com/blog/linkedin-verification" },
+      "image_prompt": "Abstract geometric illustration of a verification checkmark inside a layered profile card."
+    },
+    {
+      "title": "Documentation is the new operator moat",
+      "body": "Operator playbooks — once dismissed as overhead — are now the difference between an account that recovers from a flag and one that gets permanently restricted. The teams already running on documented processes recover in days. The ones without burn weeks negotiating with support queues. Treat your playbook as a compliance artifact, not a knowledge-management nice-to-have.",
+      "cta": { "label": "See the playbook", "url": "https://somiibo.com/blog/operator-playbook" },
+      "image_prompt": "Stack of geometric document layers casting clean shadows on a flat surface."
+    },
+    {
+      "title": "YouTube tests creator-attribution metadata on uploads",
+      "body": "A subset of channels saw a new upload checkbox this week asking whether content was assisted by automation. The checkbox is optional today. Reading the room: it will not stay optional. Creators with clear internal workflows already labeled will adapt in an afternoon. Everyone else will spend a quarter retrofitting.",
+      "cta": null,
+      "image_prompt": "Minimalist play button morphing into a label tag, flat geometric style."
+    }
+  ],
+  "signoff": "Best,\nThe Somiibo Team",
+  "citations": [
+    { "note": "LinkedIn flagged 12,000 impersonation attempts in the verified-profile beta.", "source": "Reported by LinkedIn product team, May 2026" },
+    { "note": "Operator playbook adoption up 38% week-over-week in Q2.", "source": "Per platform analytics, May 2026" }
+  ]
+}