Open
Conversation
) * feat: add Security Advisories panel with government travel advisory feeds Adds a new panel aggregating travel/security advisories from official government foreign affairs agencies (US State Dept, AU DFAT Smartraveller, UK FCDO, NZ MFAT). Advisories are categorized by severity level (Do Not Travel, Reconsider, Caution, Normal) with filter tabs by source country. Includes summary counts, auto-refresh, and persistent caching via the existing data-freshness system. * chore: update package-lock.json * fix: event delegation, localization, and cleanup for SecurityAdvisories panel P1 fixes: - Use event delegation on this.content (bound once in constructor) instead of direct addEventListener after each innerHTML replacement — prevents memory leaks and stale listener issues on re-render - Use setContent() consistently instead of mixing with this.content.innerHTML - Add securityAdvisories translations to all 16 non-English locale files (panels name, component strings, common.all key) - Revert unrelated package-lock.json version bump P2 fixes: - Deduplicate loadSecurityAdvisories — loadIntelligenceData now calls the shared method instead of inlining duplicate fetch+set logic - Add Accept header to fetch calls for better content negotiation * feat(advisories): add US embassy alerts, CDC, ECDC, and WHO health feeds Adds 21 new advisory RSS feeds: - 13 US Embassy per-country security alerts (TH, AE, DE, UA, MX, IN, PK, CO, PL, BD, IT, DO, MM) - CDC Travel Notices - 5 ECDC feeds (epidemiological, threats, risk assessments, avian flu, publications) - 2 WHO feeds (global news, Africa emergencies) Panel gains a Health filter tab for CDC/ECDC/WHO sources. All new domains added to RSS proxy allowlist. i18n "health" key added across all 17 locales.
) When upstream APIs return errors (HTTP 403, 429, timeout), fetchers return null. Previously null results were not cached, causing repeated request storms against broken APIs every refresh cycle. Now caches a sentinel value ('__WM_NEG__') with a short 2-minute TTL on null results. Subsequent requests within that window get null immediately without hitting upstream. Thrown errors (transient) skip sentinel caching and retry immediately. Also filters sentinels from getCachedJsonBatch pipeline reads and fixes theater posture coalescing test (expected 2 OpenSky fetches for 2 theater query regions, not 1).
…la73#468) * feat: convert 52 API endpoints from POST to GET for edge caching Convert all cacheable sebuf RPC endpoints to HTTP GET with query/path parameters, enabling CDN edge caching to reduce costs. Flatten nested request types (TimeRange, PaginationRequest, BoundingBox) into scalar query params. Add path params for resource lookups (GetFredSeries, GetHumanitarianSummary, GetCountryStockIndex, GetCountryIntelBrief, GetAircraftDetails). Rewrite router with hybrid static/dynamic matching for path param support. Kept as POST: SummarizeArticle, ClassifyEvent, RecordBaselineSnapshot, GetAircraftDetailsBatch, RegisterInterest. Generated with sebuf v0.9.0 (protoc-gen-ts-client, protoc-gen-ts-server). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add rate_limited field to market response protos The rateLimited field was hand-patched into generated files on main but never declared in the proto definitions. Regenerating wiped it out, breaking the build. Now properly defined in both ListEtfFlowsResponse and ListMarketQuotesResponse protos. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: remove accidentally committed .planning files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
….app (koala73#471) Route web production RPC traffic through api.worldmonitor.app via fetch interceptor (installWebApiRedirect). Add default Cache-Control headers (s-maxage=300, stale-while-revalidate=60) on GET 200 responses, with no-store override for real-time endpoints (vessel snapshot). Update CORS to allow GET method. Skip Vercel bot middleware for API subdomain using hostname check (non-spoofable, replacing CF-Ray header approach). Update desktop cloud fallback to route through api.worldmonitor.app.
BETA_MODE now couples the badge AND model loading — the summarization-beta model starts loading on startup instead of waiting for the first summarization call.
…oala73#472) Vercel's `api/[domain]/v1/[rpc].ts` captures one dynamic segment. Path params like `/get-humanitarian-summary/SA` add an extra segment that has no matching route file, causing 404 on both OPTIONS preflight and direct requests. These endpoints were broken in production. Changes: - Remove `{param}` from 5 service.proto HTTP paths - Add `(sebuf.http.query)` annotations to request message fields - Update generated client/server code to use URLSearchParams - Update OpenAPI specs (YAML + JSON) to declare query params - Add early-return guards in 4 handlers for missing required params - Add happy.worldmonitor.app to runtime.ts redirect hosts Affected endpoints: - GET /api/conflict/v1/get-humanitarian-summary?country_code=SA - GET /api/economic/v1/get-fred-series?series_id=T10Y2Y&limit=120 - GET /api/market/v1/get-country-stock-index?country_code=US - GET /api/intelligence/v1/get-country-intel-brief?country_code=US - GET /api/military/v1/get-aircraft-details?icao24=a12345
… blocks (koala73#473) - Advisory feeds were fetched directly from the browser, hitting CORS on all 21 feeds (US State Dept, AU Smartraveller, US Embassies, ECDC, CDC, WHO). Route through /api/rss-proxy on web, keep proxyUrl for desktop. - Fix double slash in ECDC Avian Influenza URL (323//feed → 323/feed) - Add feeds.news24.com to RSS proxy allowlist (was returning 403)
…a73#474) * fix: move 5 path-param endpoints to query params for Vercel routing Vercel's `api/[domain]/v1/[rpc].ts` captures one dynamic segment. Path params like `/get-humanitarian-summary/SA` add an extra segment that has no matching route file, causing 404 on both OPTIONS preflight and direct requests. These endpoints were broken in production. Changes: - Remove `{param}` from 5 service.proto HTTP paths - Add `(sebuf.http.query)` annotations to request message fields - Update generated client/server code to use URLSearchParams - Update OpenAPI specs (YAML + JSON) to declare query params - Add early-return guards in 4 handlers for missing required params - Add happy.worldmonitor.app to runtime.ts redirect hosts Affected endpoints: - GET /api/conflict/v1/get-humanitarian-summary?country_code=SA - GET /api/economic/v1/get-fred-series?series_id=T10Y2Y&limit=120 - GET /api/market/v1/get-country-stock-index?country_code=US - GET /api/intelligence/v1/get-country-intel-brief?country_code=US - GET /api/military/v1/get-aircraft-details?icao24=a12345 * feat(cache): add tiered edge Cache-Control aligned to upstream TTLs Replace flat s-maxage=300 with 5 tiers (fast/medium/slow/static/no-store) mapped per-endpoint to respect upstream Redis TTLs. Adds stale-if-error resilience headers and X-No-Cache plumbing for future degraded responses. X-Cache-Tier debug header gated behind ?_debug query param.
…ala73#475) - CISA Advisories used dead rss.worldmonitor.app domain (404), switch to rss() helper - Remove Vite build from pre-push hook (tsc already catches errors)
…oala73#476) * fix(tech): use rss() for CISA feed, drop build from pre-push hook - CISA Advisories used dead rss.worldmonitor.app domain (404), switch to rss() helper - Remove Vite build from pre-push hook (tsc already catches errors) * fix(desktop): enable click-to-play for YouTube embeds in WKWebView WKWebView blocks programmatic autoplay in cross-origin iframes regardless of allow attributes, Permissions-Policy, mute-first retries, or secure context. Documented all 10 approaches tested in docs/internal/. Changes: - Switch sidecar embed origin from 127.0.0.1 to localhost (secure context) - Add MutationObserver + retry chain as best-effort autoplay attempts - Use postMessage('*') to fix tauri://localhost cross-origin messaging - Make sidecar play overlay non-interactive (pointer-events:none) - Fix .webcam-iframe pointer-events:none blocking clicks in grid view - Add expand button to grid cells for switching to single view on desktop - Add http://localhost:* to CSP frame-src in index.html and tauri.conf.json
…koala73#477) Stale cached client bundles still send POST to endpoints converted to GET in PR koala73#468, causing 404s. The gateway now parses the POST JSON body into query params and retries the match as GET.
…oala73#478) Add CDN-Cache-Control headers to all proxy endpoints so Cloudflare can cache responses at the edge independently of browser Cache-Control: - RSS: 600s edge + stale-while-revalidate=300 (browser: 300s) - UCDP: 3600s edge (matches browser) - OpenSky: 15s edge (browser: 30s) for fresher flight data - WorldBank: 1800s/86400s edge (matches browser) - Polymarket: 120s edge (matches browser) - Telegram: 10s edge (matches browser) - AIS snapshot: 2s edge (matches browser) Also fixes: - Vary header merging: sendCompressed/sendPreGzipped now merge existing Vary: Origin instead of overwriting, preventing cross-origin cache poisoning at the edge - Stale fallback responses (OpenSky, WorldBank, Polymarket, RSS) now set Cache-Control: no-store + CDN-Cache-Control: no-store to prevent edge caching of degraded responses - All no-cache branches get CDN-Cache-Control: no-store - /opensky-reset gets no-store (state-changing endpoint)
- Tighten AbortError filter to match "AbortError: The operation was aborted" - Filter "The user aborted a request" (normal navigation cancellation) - Filter UltraViewer service worker injection errors (/uv/service/) - Filter Huawei WebView __isInQueue__ injection
* fix(gateway): harden POST→GET shim with scalar guard and size limit - Only convert string/number/boolean values to query params (skip objects, nested arrays, __proto__ etc.) to prevent prototype pollution vectors - Skip body parsing for Content-Length > 1MB to avoid memory pressure * feat: make API base URL configurable via VITE_WS_API_URL Replace hardcoded api.worldmonitor.app with VITE_WS_API_URL env var. When empty, installWebApiRedirect() is skipped entirely — relative /api/* calls stay on the same domain (local installs). When set, browser fetch is redirected to that URL. Also adds VITE_WS_API_URL and VITE_WS_RELAY_URL hostnames to APP_HOSTS allowlist dynamically.
) Vercel's :path* wildcard doesn't match trailing slashes that PostHog SDK appends (e.g. /ingest/s/?compression=...), causing 404s. Switch to :path(.*) which matches all path segments including trailing slashes. Ref: PostHog/posthog#17596
With 20k requests/30min (60% of proxy traffic) and per-PoP caching, a 2s edge TTL expires before the next request from the same PoP arrives, resulting in near-zero cache hits. 10s allows same-PoP dedup while keeping browser TTL at 2s for fresh vessel positions.
…koala73#483) The shared circuit breaker (cacheTtlMs: 0) cached the stocks response, then the stale-while-revalidate path returned that cached stocks data for the subsequent commodities fetch. Skip SWR when caching is disabled.
…policy (koala73#484) - Add 11 missing GET routes to RPC_CACHE_TIER map (8 slow, 3 medium) - Add response-headers side-channel (WeakMap) so handlers can signal X-No-Cache without codegen changes; wire into military-flights and positive-geo-events handlers on upstream failure - Add env-controlled per-endpoint tier override (CACHE_TIER_OVERRIDE_*) for incident response rollback - Add VITE_WS_API_URL hostname allowlist (*.worldmonitor.app + localhost) - Fix fetch.bind(globalThis) in positive-events-geo.ts (deferred lambda) - Add CI test asserting every generated GET route has an explicit cache tier entry (prevents silent default-tier drift)
Covers PRs koala73#452–koala73#484: Cloudflare edge caching, commodities SWR fix, security advisories panel, settings redesign, 52 POST→GET migrations.
…la73#486) Feed has no <pubDate> fields and latest content is from April 2022. Not referenced in any feed config — only in the proxy domain allowlist.
- Add ko.json with all 1606 translation keys matching en.json structure - Register 'ko' in SUPPORTED_LANGUAGES, LANGUAGES display array, and locale map - Korean appears as 🇰🇷 한국어 in the language dropdown
* perf: bootstrap endpoint + polling optimization (phases 3-4)
Replace 15+ individual RPC calls on startup with a single /api/bootstrap
batch call that fetches pre-cached data from Redis. Consolidate 6 panel
setInterval timers into the central RefreshScheduler for hidden-tab
awareness (10x multiplier) and adaptive backoff (up to 4x for unchanged
data). Convert IntelligenceGapBadge from 10s polling to event-driven
updates with 60s safety fallback.
* fix(bootstrap): inline Redis + cache keys in edge function
Vercel Edge Functions cannot resolve cross-directory TypeScript imports
from server/_shared/. Inline getCachedJsonBatch and BOOTSTRAP_CACHE_KEYS
directly in api/bootstrap.js. Add sync test to ensure inlined keys stay
in sync with the canonical server/_shared/cache-keys.ts registry.
* test: add Edge Function module isolation guard for all api/*.js files
Prevents any Edge Function from importing from ../server/ or ../src/
which breaks Vercel builds. Scans all 12 non-helper Edge Functions.
* fix(bootstrap): read unprefixed cache keys on all environments
Preview deploys set VERCEL_ENV=preview which caused getKeyPrefix() to
prefix Redis keys with preview:<sha>:, but handlers only write to
unprefixed keys on production. Bootstrap is a read-only consumer of
production cache — always read unprefixed keys.
* fix(bootstrap): wire sectors hydration + add coverage guard
- Wire getHydratedData('sectors') in data-loader to skip Yahoo Finance
fetch when bootstrap provides sector data
- Add test ensuring every bootstrap key has a getHydratedData consumer
— prevents adding keys without wiring them
* fix(server): resolve 25 TypeScript errors + add server typecheck to CI
- _shared.ts: remove unused `delay` variable
- list-etf-flows.ts: add missing `rateLimited` field to 3 return literals
- list-market-quotes.ts: add missing `rateLimited` field to 4 return literals
- get-cable-health.ts: add non-null assertions for regex groups and array access
- list-positive-geo-events.ts: add non-null assertion for array index
- get-chokepoint-status.ts: add required fields to request objects
- CI: run `typecheck:api` (tsconfig.api.json) alongside `typecheck` to catch
server/ TS errors before merge
…a73#496) * feat(military): server-side military bases with 125K entries + rate limiting (koala73#485) Migrate military bases from 224 static client-side entries to 125,380 server-side entries stored in Redis GEO sorted sets, served via bbox-filtered GEOSEARCH endpoint with server-side clustering. Data pipeline: - Pizzint/Polyglobe: 79,156 entries (Supabase extraction) - OpenStreetMap: 45,185 entries - MIRTA: 821 entries - Curated strategic: 218 entries - 277 proximity duplicates removed Server: - ListMilitaryBases RPC with GEOSEARCH + HMGET + tier/filter/clustering - Antimeridian handling (split bbox queries) - Blue-green Redis deployment with atomic version pointer switch - geoSearchByBox() + getHashFieldsBatch() helpers in redis.ts Security: - @upstash/ratelimit: 60 req/min sliding window per IP - IP spoofing fix: prioritize x-real-ip (Vercel-injected) over x-forwarded-for - Require API key for non-browser requests (blocks unauthenticated curl/scripts) - Input validation: allowlisted types/kinds, regex country, clamped bbox/zoom Frontend: - Viewport-driven loading with bbox quantization + debounce - Server-side grid clustering at low zoom levels - Enriched popup with kind, category badges (airforce/naval/nuclear/space) - Static 224 bases kept as search fallback + initial render * fix(military): fallback to production Redis keys in preview deployments Preview deployments prefix Redis keys with `preview:{sha}:` but military bases data is seeded to unprefixed (production) keys. When the prefixed `military:bases:active` key is missing, fall back to the unprefixed key and use raw (unprefixed) keys for geo/meta lookups. * fix: remove unused 'remaining' destructure in rate-limit (TS6133) * ci: add typecheck:api to pre-push hook to catch server-side TS errors * debug(military): add X-Bases-Debug response header for preview diagnostics * fix(bases): trigger initial server fetch on map load fetchServerBases() was only called on moveend — if the user never panned/zoomed, the API was never called and only the 224 static fallback bases showed.
…tier (koala73#497) - Add 300ms debounce on moveend to prevent rapid pan flooding - Fixes stale-bbox bug where pendingFetch returns old viewport data - Upgrade edge cache tier from medium (5min) to static (1hr) — bases are static infrastructure, aligned with server-side cachedFetchJson TTL - Keep error logging in catch blocks for production diagnostics
…3#498) Replace Math.random() jitter with DJB2 hash seeded by the threat indicator (IP/URL), so the same threat always maps to the same coordinates across requests while different threats from the same country still spread out. Closes koala73#203 Co-authored-by: Chris Chen <fuleinist@users.noreply.github.com>
Replace direct `VAR=value command` syntax with cross-env/cross-env-shell so dev, build, test, and desktop scripts work on Windows PowerShell/CMD. Co-authored-by: facusturla <facusturla@users.noreply.github.com>
…3#504) - Filter null/undefined values before storing in hydration cache to prevent future consumers using !== undefined from misinterpreting null as valid data - Debounce wm:intelligence-updated event handler via requestAnimationFrame to coalesce rapid alert generation into a single render pass - Include alert IDs in StrategicRiskPanel change fingerprint so content changes are detected even when alert count stays the same - Replace JSON.stringify change detection in ServiceStatusPanel with lightweight name:status fingerprint - Document max effective refresh interval (40x base) in scheduler
) AUTH_KEY_DUPLICATED is permanent — the session string is invalidated and no amount of retrying will fix it. Previously the relay retried every 60s, spamming logs. Now it logs a clear error message with instructions to regenerate the session and stops retrying. Renamed telegramImportFailed → telegramPermanentlyDisabled to cover both import failures and auth failures under one latch.
…o IDs (koala73#541) * fix(live-news): fix broken Europe channel handles + add fallback video IDs - Fix France 24 English handle: @FRANCE24English (404) → @France24_en - Fix WELT handle: @WELTNachrichtensender (hijacked to "Movie Glow") → @WELTVideoTV - Add fallbackVideoId for BBC News, France 24 EN, TRT Haber, NTV Turkey, CNN TURK, TVP Info, Telewizja Republika (verified via Playwright) - Update stale fallback IDs for Fox News, RTVE, CNN Brasil, C5N, TBS News, Sky News Arabia, TRT World * fix(live-news): update CBS News fallback video ID * fix(live-news): update Newsmax fallback video ID * fix(live-news): add NBC News fallback video ID * fix(live-news): full channel audit — fix 10 broken handles + update 8 stale fallbacks Broken handles fixed: - Bloomberg: @bloomberg (404) → @markets - WION: @WIONews (wrong channel "Write It Out") → @wion - CTI News: @ctitv (404) → @中天新聞CtiNews - VTC NOW: @VTCNOW (404) → @VTCNowOfficial - Record News: @recordnewsoficial (404) → @RecordNews - T13: @t13 (404) → @Teletrece - Channels TV: @channelstv (404) → @channelstelevision - KTN News: @KTNNewsKE (404) → @ktnnews_kenya - eNCA: @enewschannel (404) → @enca - SABC News: @SABCNews (404) → @SABCDigitalNews Stale fallback video IDs refreshed: - Sky News, NASA, CBC News, CNN Brasil, C5N, TBS NEWS DIG, Sky News Arabia, TRT World
…oala73#545) Add real-time Israel Home Front Command (OREF) siren alerts panel: - Edge Function proxy at api/oref-alerts.js - OrefSirensPanel component with live/history views - oref-alerts service with 10s polling and update callbacks - Hebrew→English translation via existing translateText() LLM chain with 3-layer caching (in-memory Map → server Redis → circuit breaker) - i18n strings for all 23 locales - Panel registration, data-loader integration, CSS styles
…oala73#546) Proxy credentials with special characters (semicolons, dollar signs) were interpolated into a shell command via execSync. Switch to execFileSync which passes args directly without shell parsing.
…la73#489) * gave the user freedom to resize panles * feat(panels): add horizontal resize with col-span persistence
…ef & timeline (koala73#547) Iran had ~100 geolocated strike events but the CII was unaware of them: conflict score stuck at 70 (ACLED only), no strike chip in Active Signals, timeline conflict lane empty, intelligence brief silent on strikes. Changes: - Add strikes[] to CountryData and ingestStrikesForCII() with geo-lookup fallback (bounding boxes when GeoJSON not yet loaded) - Boost CII conflict score with 7-day freshness window (min(50, count*3 + highSev*5)) - Cache iranEvents in IntelligenceCache, preserve across refresh cycles - Wire data loading: always load Iran events (not gated by map layer), ingest into CII, trigger panel refresh - Add activeStrikes to CountryBriefSignals with geo-lookup counting - Render strike chip in Active Signals and include in fallback brief - Feed strike events into 7-day timeline (conflict lane) - Add structured strikeCount/highSeverityStrikeCount fields to GeoSignal (replaces fragile regex parsing in focal-point-detector) - Add active_strike signal type to InsightsPanel focal points - Add bounding-box fallback to signal aggregator for conflict events - Add i18n keys for activeStrikes
…al target (koala73#548) Keyword matching was too rigid — "attacks on iran" didn't match CRITICAL because only "attack on iran" (singular) existed. Headlines like "strikes by US and Israel on Iran" also missed because words weren't adjacent. Added compound escalation: if a HIGH military/conflict keyword matches AND the headline mentions a critical geopolitical target (Iran, Russia, China, Taiwan, NATO, US forces), escalate to CRITICAL. Also added missing Iran keyword variants (plural forms, "Iran retaliates/strikes").
…ated events (koala73#549) Rewrite the Iran events popup to follow the established popup pattern (conflict/protest) with severity-colored header, badge, close button, stat rows, and source link using CSS classes instead of inline styles. - Add normalizeSeverity helper (clamps unknown values to 'low') - Show related events from same location (normalized matching, max 5) - Add IranEventPopupData to PopupData union (removes unsafe double cast) - Add iranEvent header CSS with severity border-left colors - Add i18n keys for en/ar/fr
* feat(telegram): add Telegram Intel panel consuming relay feed - Service layer: fetchTelegramFeed() with 30s cache, types matching relay shape - Panel component: topic filter tabs, safe DOM rendering via h()+replaceChildren() - DataLoader + RefreshScheduler pattern (60s interval, hidden-tab aware) - Handles enabled=false and empty states from relay - CSS following existing gdelt-intel pattern - Panel title localized across all 18 locales * fix(i18n): add components.telegramIntel translations to 10 remaining locales
…be detection (koala73#551) YouTube blocks Vercel datacenter IPs — returns HTML without videoDetails/isLive data. Switch from edge runtime to Node.js serverless to enable HTTP CONNECT tunnel proxy via YOUTUBE_PROXY_URL env var. Add zlib decompression for gzip responses (YouTube returns empty body without Accept-Encoding header). Also adds missing fallback video IDs for WELT, KTN News, CNA NewsAsia, and updates TBS NEWS DIG fallback.
Vercel defaults to edge runtime when not specified. node:http/https/zlib imports are unavailable in edge — causing FUNCTION_INVOCATION_FAILED. Remove debug param added in previous commit.
Top-level import of node:http/https/zlib crashes if Vercel bundles for edge despite runtime: 'nodejs' config. Use dynamic import() to lazy-load at call time. Also add try/catch around proxy so it falls back to direct fetch if proxy connection fails.
…koala73#552) Replace 100% simulated delay data for international airports with real flight data from AviationStack API. Add 28 Middle East/conflict-zone airports (Iran, Iraq, Lebanon, Syria, Yemen, Pakistan, Libya, Sudan). Key changes: - AviationStack integration with bounded concurrency (5 parallel), rotating batch (20 airports/cycle), and 20s deadline - Redis SETNX lock prevents cross-isolate cache stampede on expiry - Split FAA/intl caches (both 30min TTL) with isolated error handling - Fix severity colors (was checking 'GS'/'GDP', now minor/moderate/major/severe) - Fix tooltip (was obj.airport, now obj.name + obj.iata) - Add FLIGHT_DELAY_TYPE_CLOSURE for airport/airspace closures - Add closure i18n key across all 18 locales - Graceful fallback: no API key → simulation; API failure → simulation
Vercel serverless cannot use node:http/https for HTTP CONNECT proxy tunnels. Move the residential proxy YouTube scraping to the Railway relay (ais-relay.cjs) which has full Node.js access. - Add /youtube-live route to relay with proxy + direct fetch fallback - Add 5-min in-memory cache for channel lookups, 1hr for oembed - Revert Vercel api/youtube/live.js to edge runtime — now proxies to Railway first, falls back to direct scrape
…73#553) Register the key in Rust keychain (SUPPORTED_SECRET_KEYS), frontend RuntimeSecretKey type, feature toggle, and settings UI under "Tracking & Sensing" category.
…a73#554) Edge function was sending X-Relay-Auth header with RELAY_AUTH_TOKEN env var, but the Railway relay expects x-relay-key header validated against RELAY_SHARED_SECRET. This mismatch caused the relay to reject requests from Vercel, falling back to direct YouTube scrape (which fails from datacenter IPs for many channels).
…oala73#555) Use same getRelayBaseUrl/getRelayHeaders as other edge functions: - WS_RELAY_URL env var instead of VITE_WS_API_URL - RELAY_SHARED_SECRET + RELAY_AUTH_HEADER for flexible auth - Dual x-relay-key + Authorization headers
Remove internal implementation references (OREF, proxy relay, oref.org.il) from all user-facing strings across 18 locales and panel config.
…la73#560) - Add context comments to empty catch blocks for debuggability - Replace error.message leak with generic client-safe message
…oala73#561) - Add 8 new ignoreErrors patterns: signal timeout, premium gate, hybridExecute/mag/webkit bridge injections, postMessage null, NotSupportedError, appendChild injection, luma assignment - Fix LIDNotify regex to match both LIDNotify and LIDNotifyId - Fix beforeSend: strip null/anonymous filename frames so deck.gl TypeErrors (28 events, 8 users) are properly suppressed
* feat(cii): wire OREF sirens into CII score and country brief Active OREF sirens now boost Israel's CII score through two channels: - Conflict component: +25 base + min(25, alertCount*5) for active sirens - Blended score: +15 for active sirens, +5/+10 for 24h history thresholds Country brief for Israel shows a siren signal chip when alerts are active. * refactor(cii): extract getOrefBlendBoost helper to DRY scoring paths
…am (koala73#562) - SIGTERM/SIGINT handler disconnects Telegram client before container dies - telegramPollInFlight guard prevents overlapping poll cycles - Mid-poll AUTH_KEY_DUPLICATED now permanently disables (was reconnect loop)
|
@Chinmaya-India is attempting to deploy a commit to the Elie Team on Vercel. A member of the Team first needs to authorize it. |
…ences - Replace npm run dev / vercel dev in README, CONTRIBUTING, DOCUMENTATION with docker compose up -d --build - Update port references from 3737 to 3740 in DOCKER.md and docker-compose.test.yml - Keep Gluetun VPN container in docker-compose.yml for optional future use via Settings UI
|
bump on this, would be great to not need vercel for the agreggation functions |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Docker Self-Hosting Support
What this PR does
Adds complete Docker containerization for self-hosting World Monitor
without Vercel CLI or cloud dependencies.
Why
The README's Self-Hosting section notes that
npm run devalone won'trun the 60+ edge functions. The Vercel CLI approach requires a Vercel
account. This PR provides a zero-dependency Docker alternative using
the existing
local-api-server.mjsfrom the Tauri sidecar.Architecture
/api/*tolocal-api-server.mjson port 46123Key Discovery
The
src-tauri/sidecar/local-api-server.mjs(1294 lines) is a completestandalone HTTP server that loads all
api/*.jsedge functions and servesthem with the same routing, CORS, and SSRF protection as the Vercel
deployment. This eliminates the need for Vercel CLI entirely.
Files Added
Dockerfilenpm ci→tsc→vite build→ nginx + supervisordocker-compose.ymldocker-compose.test.ymlnginx.confsupervisord.conf.dockerignoreDOCKER.mdTesting
tsccompiles with 0 errorsvite buildproduces 46 PWA precache entries in 15.62sRelated