eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-05-14 02:56:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
930 Commits 167 Branches 48 Tags
cfbd1ad8a1f2d792f7dbba9560de61ba8522bb76
Commit Graph

15 Commits

Author SHA1 Message Date
Elie Habib
116fc80fc7 Merge remote-tracking branch 'origin/main' into feature/finance-variant 
# Conflicts:
#	index.html
#	src/components/DeckGLMap.ts
 2026-02-17 09:37:47 +04:00
Elie Habib
ed9cc922e2 Fix finance variant runtime resiliency and API pressure 2026-02-17 09:34:15 +04:00
Sebastien Melki
db5eff4300 feat(04-01): add no-transition class lifecycle for FOUC prevention 
- index.html and settings.html FOUC scripts add no-transition class to <html>
- src/main.ts removes no-transition after first paint via requestAnimationFrame
- src/settings-main.ts removes no-transition after first paint via requestAnimationFrame
- Prevents transition sweep from dark-to-light on page load while enabling smooth theme toggles

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 17:17:30 +02:00
Sebastien Melki
14f7d856cd feat(02-01): add FOUC prevention scripts and wire entry points 
- Add inline FOUC prevention script to index.html and settings.html <head>
- Update CSP script-src to allow 'unsafe-inline' for FOUC prevention
- Import and call applyStoredTheme() in src/main.ts before App init
- Import and call applyStoredTheme() in src/settings-main.ts before loadDesktopSecrets

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 17:17:30 +02:00
Elie Habib
a9224254a5 fix: security hardening — CORS, auth bypass, origin validation & bump v2.2.7 
- Tighten CORS regex to block worldmonitorEVIL.vercel.app spoofing
- Move sidecar /api/local-env-update behind token auth + add key allowlist
- Add postMessage origin/source validation in LiveNewsPanel
- Replace postMessage wildcard '*' targetOrigin with specific origin
- Add isDisallowedOrigin() check to 25 API endpoints missing it
- Migrate gdelt-geo & EIA from custom CORS to shared _cors.js
- Add CORS to firms-fires, stock-index, youtube/live endpoints
- Tighten youtube/embed.js ALLOWED_ORIGINS regex
- Remove 'unsafe-inline' from CSP script-src
- Add iframe sandbox attribute to YouTube embed
- Validate meta-tags URL query params with regex allowlist
 2026-02-15 20:33:20 +04:00
Elie Habib
4a7f9bfdf4 Allow Cloudflare Insights script in CSP 
Add https://static.cloudflareinsights.com to script-src directive
to prevent CSP blocking of Cloudflare Web Analytics beacon.
 2026-02-14 22:52:26 +04:00
Elie Habib
2c2a6dfbc3 Fix YouTube CSP, add devtools menu, improve desktop channel switching 
- Add worldmonitor.app to frame-src CSP in index.html (was only in
  tauri.conf.json, causing iframe block)
- Add devtools feature and Help > Toggle Developer Tools menu item
- Try native YouTube JS API first, fall back to cloud bridge on Error 153
- Add pause-then-play workaround for WKWebView channel switching
 2026-02-14 21:09:55 +04:00
Elie Habib
c353cf2070 Reduce egress costs, add PWA support, fix Polymarket and Railway relay 
Egress optimization:
- Add s-maxage + stale-while-revalidate to all API endpoints for Vercel CDN caching
- Add vercel.json with immutable caching for hashed assets
- Add gzip compression to sidecar responses >1KB
- Add gzip to Railway RSS responses (4 paths previously uncompressed)
- Increase polling intervals: markets/crypto 60s→120s, ETF/macro/stablecoins 60s→180s
- Remove hardcoded Railway URL from theater-posture.js (now env-var only)

PWA / Service Worker:
- Add vite-plugin-pwa with autoUpdate strategy
- Cache map tiles (CacheFirst), fonts (StaleWhileRevalidate), static assets
- NetworkOnly for all /api/* routes (real-time data must be fresh)
- Manual SW registration (web only, skip Tauri)
- Add offline fallback page
- Replace manual manifest with plugin-generated manifest

Polymarket fix:
- Route dev proxy through production Vercel (bypasses JA3 blocking)
- Add 4th fallback tier: production URL as absolute fallback

Desktop/Sidecar:
- Dual-backend cache (_upstash-cache.js): Redis cloud + in-memory+file desktop
- Settings window OK/Cancel redesign
- Runtime config and secret injection improvements
 2026-02-14 19:53:04 +04:00
Elie Habib
ad4e52caee Fix Tauri desktop runtime reliability and settings UX 2026-02-13 23:05:51 +04:00
Elie Habib
eb0f396d16 Add Tauri v2 desktop scaffold and runtime bridge 2026-02-13 08:47:12 +04:00
Elie Habib
8f218428f1 Update branding: World Monitor v2 with AI focus 
- README: Title to "World Monitor v2", AI-powered description
- index.html: Title "Global Situation with AI Insights"
- All meta tags updated (og, twitter, JSON-LD)
- Added AI keywords and features
- Updated site.webmanifest with AI branding
 2026-01-25 22:38:15 +04:00
Elie Habib
5b18693704 Improve SEO with comprehensive meta tags and JSON-LD schema 
- Shorten description to 153 chars (was 203)
- Add canonical URL
- Add search discovery metas (subject, classification, coverage)
- Expand keywords with all tracked features
- Add og:image dimensions and locale
- Fix Twitter tags (name vs property) and add creator/site
- Add JSON-LD WebApplication structured data with featureList
- Reference new og-image.png (1200x630) for social sharing
 2026-01-16 13:09:58 +04:00
Elie Habib
7f0899a9b4 Add meta tags and Open Graph for SEO and social sharing 
- Primary meta tags: title, description, keywords, author, theme-color
- Open Graph tags for Facebook/LinkedIn sharing
- Twitter Card tags for Twitter sharing
- Uses worldmonitor-icon-1024.png as og:image

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 17:51:23 +04:00
Elie Habib
9d60abec49 Add favicon and icon references 
- Add favicon links to index.html
- Move favico assets to public/ for Vite static serving
- Add root favicon.ico for default /favicon.ico requests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 17:36:14 +04:00
Elie Habib
27892b306c Initial commit: World Monitor dashboard 
Features:
- Real-time geopolitical monitoring dashboard
- Interactive D3.js world map with hotspots, conflicts, bases
- 16 news/data panels: World, Middle East, Tech, AI/ML, Finance, etc.
- Market data via Yahoo Finance (with rate limiting)
- Crypto prices via CoinGecko
- Prediction markets via Polymarket
- Earthquake data via USGS
- RSS feeds from 50+ sources including:
  - News: BBC, NPR, Guardian, Reuters, Al Jazeera
  - AI: OpenAI, Anthropic, Google AI, DeepMind
  - Government: White House, State Dept, Fed, SEC, Treasury
  - Intel: Defense One, Bellingcat, CISA, Krebs
  - Think Tanks: Brookings, CFR, CSIS
- Custom monitors with keyword alerts
- Draggable panel layout with persistence
- Time range filtering for events
- Dark theme optimized for monitoring
 2026-01-08 21:29:47 +04:00