PostWriter Development Workflow

A production-ready, secure Facebook marketing analysis platform that extracts, analyzes, and generates marketing content based on successful post patterns. This skill guides AI agents through secure development, deployment, and maintenance of the PostWriter system.

Overview

PostWriter implements military-grade security for Facebook data extraction:

AES-256 encryption for browser sessions

Authenticated Chrome debug proxy

Intelligent rate limiting to protect Facebook accounts

Secure logging with automatic sensitive data filtering

Zero plaintext exposure of authentication tokens

Security-First Development Process

1. Initial Security Validation

ALWAYS perform security validation before any development work:

```bash

Run comprehensive security audit

python3 -c "from secure_logging import audit_log_security; audit_log_security('.')"

Check for plaintext sessions (CRITICAL)

python3 postwriter.py browser status

Validate rate limiting configuration

python3 -c "from rate_limiter import get_rate_limiter; print(get_rate_limiter().get_statistics())"

Verify Chrome debug security

python3 postwriter.py chrome-proxy status

```

**CRITICAL**: If any plaintext sessions are detected, IMMEDIATELY encrypt them before proceeding:

```bash

python3 postwriter.py browser encrypt-session --file ./data/browser_profile/session.json

```

2. Environment Setup

Verify all prerequisites are met:

```bash

Install dependencies

pip install -r requirements.txt

Validate all configurations

python3 postwriter.py validate

Check secure storage status

python3 postwriter.py secure status

```

Set appropriate environment variables:

```bash

Development

export POSTWRITER_ENV=development

export CHROME_DEBUG_PORT=9222

export SECURE_PROXY_PORT=9223

Production

export POSTWRITER_ENV=production

export RATE_LIMIT_STRICT=true

export SECURITY_AUDIT_ENABLED=true

```

3. Core Development Commands

#### Browser Security Operations

```bash

Encrypt browser sessions (REQUIRED before any operations)

python3 postwriter.py browser encrypt-session --file <path>

Extract and encrypt sessions from Chrome

python3 postwriter.py browser extract-chrome

Load encrypted session (validates encryption)

python3 postwriter.py browser load-session

Check security status

python3 postwriter.py browser status

```

#### Secure Chrome Debug Connection

```bash

Start authenticated Chrome proxy (NEVER expose debug port directly)

python3 postwriter.py chrome-proxy start

Test secure connection

python3 postwriter.py chrome-proxy test

Check proxy status

python3 postwriter.py chrome-proxy status

```

#### Data Operations (All Rate Limited)

```bash

Scrape Facebook data with intelligent rate limiting

python3 postwriter.py sync

Analyze posts and generate templates

python3 postwriter.py analyze

Export data for content generation

python3 postwriter.py export

```

4. Security Testing Protocol

Run these tests before ANY commit or deployment:

```bash

Test secure logging system

python3 secure_logging.py

Test rate limiting functionality

python3 rate_limiter.py

Test Chrome security proxy

python3 secure_chrome_proxy.py

Test encrypted session loading

python3 postwriter.py browser load-session

Test secure Chrome connection

python3 postwriter.py chrome-proxy test

```

Security Architecture Components

1. Browser Session Encryption

**Encryption**: AES-256 with PBKDF2 key derivation (100,000 iterations)

**Storage**: All sessions encrypted at rest

**Detection**: Automatic plaintext detection and prevention

**Zero exposure**: No authentication cookies in plaintext ever

2. Chrome Debug Security

**Proxy**: Authenticated proxy for all Chrome debug connections

**Token-based**: Session-based access control

**Filtering**: Request validation and security filtering

**Isolation**: Localhost-only access, no external exposure

3. Secure Logging System

**Filtering**: Automatic removal of passwords, tokens, cookies

**Audit trail**: Security event tracking

**Pattern detection**: Real-time detection of suspicious activity

**16 vulnerabilities**: Eliminated from logging system

4. Intelligent Rate Limiting

**Facebook-aware**: Respects Facebook API limits

**Exponential backoff**: Automatic slowdown on rate limit detection

**Pattern analysis**: Detects suspicious activity

**Account protection**: Prevents Facebook account blocks

Configuration Management

Security Configuration (config.yaml)

```yaml

security:

encrypt_sessions: true

rate_limiting_enabled: true

secure_chrome_proxy: true

max_requests_per_minute: 20

max_requests_per_hour: 300

facebook:

cookies_path: "./data/cookies.json" # Will be encrypted

scraping:

retry_attempts: 3

scroll_delay: 3.0

pre_scrape_delay: 5

use_secure_storage: true

```

Pre-Release Security Checklist

Before ANY release or deployment, verify:

[ ] **No plaintext sessions** - Run `python3 postwriter.py browser status`

[ ] **No auth token exposure** - Run security audit

[ ] **Rate limiting active** - Verify configuration

[ ] **Chrome security enabled** - Check proxy status

[ ] **Security audit clean** - No high-severity issues

Production Deployment Checklist

[ ] **Encrypted storage configured** - All sensitive data protected

[ ] **Secure Chrome proxy running** - No direct debug access

[ ] **Rate limiting tuned** - Conservative settings applied

[ ] **Logging configured** - Security events monitored

[ ] **Backup procedures** - Encrypted session backup available

Security Monitoring

Get Security Statistics

```python

from secure_logging import get_secure_logger

from rate_limiter import get_rate_limiter

Security incidents (should be minimal)

logger = get_secure_logger()

incidents = logger.get_security_incidents()

Rate limiting stats (success rate should be >95%)

rate_limiter = get_rate_limiter()

stats = rate_limiter.get_statistics()

```

Key Metrics to Monitor

**Security incident count**: Should be 0 or minimal

**Rate limit success rate**: Should be >95%

**Auth token exposures**: MUST be 0

**Plaintext session count**: MUST be 0

Troubleshooting Common Issues

Plaintext Sessions Detected

```bash

IMMEDIATE ACTION: Encrypt all sessions

python3 postwriter.py browser encrypt-session --file <path>

```

Rate Limiting Triggered

```bash

Check rate limiter status

python3 -c "from rate_limiter import get_rate_limiter; print(get_rate_limiter().get_statistics())"

Manual reset if needed (rare, use with caution)

python3 -c "from rate_limiter import get_rate_limiter; get_rate_limiter().reset_backoff()"

```

Chrome Debug Connection Unsecured

```bash

Start secure proxy immediately

python3 postwriter.py chrome-proxy start

Verify security

python3 postwriter.py chrome-proxy test

```

File Organization

```

PostWriter/

├── CLAUDE.md # Development documentation

├── secure_logging.py # Security-aware logging

├── rate_limiter.py # Facebook rate limiting

├── secure_browser_storage.py # Encrypted session storage

├── secure_chrome_proxy.py # Chrome debug security

├── config_validator.py # Configuration validation

├── exceptions.py # Security exception handling

├── postwriter.py # Main CLI

└── data/ # Encrypted data storage

├── browser_profile/ # Encrypted sessions only

└── logs/ # Filtered security logs

```

Development Guidelines

Code Quality Standards

1. **Security first** - All code must pass security audit

2. **Rate limit aware** - All HTTP requests use rate limiter

3. **Secure logging** - Use secure_logging.py for all output

4. **Input validation** - Validate all external inputs

Git Workflow

```bash

Create security-focused branch

git checkout -b security/feature-name

Implement with security considerations

... development work ...

REQUIRED: Security validation before commit

python3 postwriter.py validate

Commit with clear security context

git commit -m "feat: implement X with security hardening"

git push origin security/feature-name

```

Security Best Practices

Data Protection Rules

1. **NEVER commit plaintext sessions** - Use .gitignore protection

2. **ALWAYS encrypt before storage** - Use secure_browser_storage.py

3. **ALWAYS validate inputs** - Use config_validator.py

4. **ALWAYS log security events** - Use secure_logging.py

Rate Limiting Guidelines

1. **Start conservative** - Use default rate limits

2. **Monitor for failures** - Watch for rate limit detection

3. **Respect Facebook ToS** - Never bypass rate limits

4. **Use exponential backoff** - Let system self-regulate

Chrome Security Rules

1. **Use secure proxy** - Never expose debug port directly

2. **Authenticate all connections** - Require auth tokens

3. **Monitor session activity** - Track all debug requests

4. **Restrict network access** - Localhost only

Maintenance Schedule

**Daily**: Check for security incidents

**Weekly**: Review rate limiting effectiveness

**Monthly**: Comprehensive security audit

**Quarterly**: Update security documentation

Success Criteria

This workflow achieves:

✅ Zero plaintext sessions

✅ Zero auth token exposures

✅ Facebook accounts protected by rate limiting

✅ Chrome debug connection secured

✅ All high-severity security issues resolved

✅ Production-ready enterprise-grade security

Notes

Slow scraping is NORMAL and EXPECTED due to rate limiting (protects accounts)

High memory usage is expected for secure session storage

Long waits during scraping indicate exponential backoff protecting from Facebook blocks

NEVER bypass security features to "speed up" operations

PostWriter Development Workflow

PostWriter Development Workflow

Overview

Security-First Development Process

1. Initial Security Validation

Run comprehensive security audit

Check for plaintext sessions (CRITICAL)

Validate rate limiting configuration

Verify Chrome debug security

2. Environment Setup

Install dependencies

Validate all configurations

Check secure storage status

Development

Production

3. Core Development Commands

Encrypt browser sessions (REQUIRED before any operations)

Extract and encrypt sessions from Chrome

Load encrypted session (validates encryption)

Check security status

Start authenticated Chrome proxy (NEVER expose debug port directly)

Test secure connection

Check proxy status

Scrape Facebook data with intelligent rate limiting

Analyze posts and generate templates

Export data for content generation

4. Security Testing Protocol

Test secure logging system

Test rate limiting functionality

Test Chrome security proxy

Test encrypted session loading

Test secure Chrome connection

Security Architecture Components

1. Browser Session Encryption

2. Chrome Debug Security

3. Secure Logging System

4. Intelligent Rate Limiting

Configuration Management

Security Configuration (config.yaml)

Pre-Release Security Checklist

Production Deployment Checklist

Security Monitoring

Get Security Statistics

Security incidents (should be minimal)

Rate limiting stats (success rate should be >95%)

Key Metrics to Monitor

Troubleshooting Common Issues

Plaintext Sessions Detected

IMMEDIATE ACTION: Encrypt all sessions

Rate Limiting Triggered

Check rate limiter status

Manual reset if needed (rare, use with caution)

Chrome Debug Connection Unsecured

Start secure proxy immediately

Verify security

File Organization

Development Guidelines

Code Quality Standards

Git Workflow

Create security-focused branch

Implement with security considerations

... development work ...

REQUIRED: Security validation before commit

Commit with clear security context

Security Best Practices

Data Protection Rules

Rate Limiting Guidelines

Chrome Security Rules

Maintenance Schedule

Success Criteria

Notes

Reviews (0)