mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00

Go to file

Elie Habib 29306008e4 fix(email): route Intelligence Brief off the alerts@ mailbox (#3321 )

* fix(email): route Intelligence Brief off the alerts@ mailbox

The daily "WorldMonitor Intelligence Brief" email was shipping from
`alerts@worldmonitor.app` with a display name that — if the Railway env
override dropped the `Name <…>` wrapper — Gmail/Outlook fell back to
rendering the local-part ("alerts" / "alert") as the sender name.
Recipients saw a scary-looking "alert" in their inbox for what is
actually a curated editorial read.

Split the sender so editorial mail can't share the `alerts@` mailbox
with incident pushes:

- New env var `RESEND_FROM_BRIEF` (default `WorldMonitor Brief
  <brief@worldmonitor.app>`) consumed by seed-digest-notifications.mjs.
- Falls back to `RESEND_FROM_EMAIL`, then to the built-in default, so
  existing deploys keep working and the rollout is a single Railway
  env flip on the digest service.
- notification-relay.cjs (realtime push alerts) intentionally keeps
  `RESEND_FROM_EMAIL` / `alerts@` — accurate for that path.
- .env.example documents the display-name rule so the bare-address
  trap can't re-introduce the bug.

Rollout: set `RESEND_FROM_BRIEF=WorldMonitor Brief <brief@worldmonitor.app>`
on the `seed-digest-notifications` Railway service. Domain-level Resend
verification already covers the new local-part; no DNS change needed.

* fix(email): runtime normalize sender to prevent bare-address regression

PR review feedback from codex:

  > P2 — RESEND_FROM_BRIEF is consumed verbatim, so an operator can
  > still set brief@worldmonitor.app without a display name and
  > recreate the same Gmail/Outlook rendering bug for the daily brief.
  > Today that protection is only documentation in .env.example, not
  > runtime enforcement.

Add a small shared helper `scripts/lib/resend-from.cjs` that coerces a
bare email address into a "Name <addr>" wrapper with a loud warning
log, and wire it into the digest path.

- Bare-address input (e.g. `brief@worldmonitor.app`) is rewritten to
  `WorldMonitor Brief <brief@worldmonitor.app>` so Gmail/Outlook stop
  falling back to the local-part as the display name.
- Coercion emits a single `console.warn` line per boot so operators
  see the signal in Railway logs and can fix the underlying env.
- Fail-safe (not fail-closed) — a misconfigured env does NOT take the
  cron down.

Also resolves the P3 doc-vs-runtime divergence by reverting
.env.example's RESEND_FROM_EMAIL default from "WorldMonitor Alerts
<...>" back to "WorldMonitor <...>" to match the existing
notification-relay.cjs runtime default. The realtime-alert path will
get the same normalizer treatment in a follow-up PR that cohesively
touches notification-relay.cjs + Dockerfile.relay.

tests: 7 new cases in tests/resend-sender-normalize.test.mjs covering
empty/null/whitespace input, wrapped passthrough, trim, bare-address
coercion, warning emission, no-warning on wrapped, console.warn default
sink. Runs under `npm run test:data`.

2026-04-23 08:51:27 +04:00

.github

chore(api): enforce sebuf contract + migrate drifting endpoints (#3207 ) (#3242 )

2026-04-22 09:55:59 +03:00

.husky

chore(api): enforce sebuf contract + migrate drifting endpoints (#3207 ) (#3242 )

2026-04-22 09:55:59 +03:00

api

feat(energy): Energy Atlas end-to-end — pipelines + storage + shortages + disruptions + country drill-down (#3294 )

2026-04-23 07:34:07 +04:00

blog-site

feat(seo): BlogPosting schema, FAQPage JSON-LD, extensible author system (#2284 )

2026-03-26 12:48:56 +04:00

consumer-prices-core

fix(railway): tolerate Ubuntu apt mirror failures in NIXPACKS + Dockerfile builds (#3142 )

2026-04-17 08:35:20 +04:00

convex

refactor(emails): refresh Pro welcome email — surface WM Analyst, Widgets, MCP (#3300 )

2026-04-22 23:18:32 +04:00

data

feat(oref): Tzeva Adom as primary alert source + Hebrew translation dictionaries (#2863 )

2026-04-09 12:39:34 +04:00

deploy/nginx

Add Brotli-first API compression for sidecar and nginx

2026-02-20 08:41:22 +04:00

docker

fix(csp): allow Dodo payment frames + Google Pay permission (#2789 )

2026-04-07 20:26:50 +04:00

docs

feat(resilience): PR 2 pre-scorer — SWF manifest + seeder (8/8 funds) (#3305 )

2026-04-23 07:58:40 +04:00

e2e

feat(auth): integrate clerk.dev (#1812 )

2026-03-26 13:47:22 +02:00

plans

perf(map): lazy supercluster init, memoize filterByTime, lazy static layers (#1985 )

2026-03-21 15:32:51 +04:00

pro-test

fix(pro-marketing): /pro reflects entitlement — swap upgrade CTAs to dashboard link for Pro users (#3301 )

2026-04-22 23:39:32 +04:00

proto

feat(energy): Energy Atlas end-to-end — pipelines + storage + shortages + disruptions + country drill-down (#3294 )

2026-04-23 07:34:07 +04:00

public

fix(pro-marketing): /pro reflects entitlement — swap upgrade CTAs to dashboard link for Pro users (#3301 )

2026-04-22 23:39:32 +04:00

scripts

fix(email): route Intelligence Brief off the alerts@ mailbox (#3321 )

2026-04-23 08:51:27 +04:00

server

feat(energy): Energy Atlas end-to-end — pipelines + storage + shortages + disruptions + country drill-down (#3294 )

2026-04-23 07:34:07 +04:00

shared

fix(brief): category-gated context + RELEVANCE RULE to stop formulaic grounding (#3281 )

2026-04-22 08:21:01 +04:00

src

feat(energy): Energy Atlas end-to-end — pipelines + storage + shortages + disruptions + country drill-down (#3294 )

2026-04-23 07:34:07 +04:00

src-tauri

chore(api): enforce sebuf contract + migrate drifting endpoints (#3207 ) (#3242 )

2026-04-22 09:55:59 +03:00

tests

fix(email): route Intelligence Brief off the alerts@ mailbox (#3321 )

2026-04-23 08:51:27 +04:00

todos

feat(digest-dedup): Phase A — embedding-based dedup scaffolding (no-op) (#3200 )

2026-04-19 13:49:48 +04:00

.dockerignore

feat: self-hosted Docker stack (#1521 )

2026-03-19 12:07:20 +04:00

.env.example

fix(email): route Intelligence Brief off the alerts@ mailbox (#3321 )

2026-04-23 08:51:27 +04:00

.gitignore

feat(brief): route whyMatters through internal analyst-context endpoint (#3248 )

2026-04-21 14:03:27 +04:00

.markdownlint-cli2.jsonc

refactor(sanctions): simplify handler to Redis-read-only, fix seed OOM risk (#1753 )

2026-03-17 12:20:10 +04:00

.npmrc

chore: suppress npm deprecation warnings via .npmrc loglevel=error (#1862 )

2026-03-19 09:48:23 +04:00

.nvmrc

fix(dx): add node_modules guard to pre-push hook and pin Node 22 (#1368 )

2026-03-10 08:27:44 +04:00

.vercelignore

feat: Arabic font support and HLS live streaming UI (#1020 )

2026-03-05 10:16:43 +04:00

AGENTS.md

feat: harness engineering P0 - linting, testing, architecture docs (#1587 )

2026-03-14 21:29:21 +04:00

ARCHITECTURE.md

feat: harness engineering P0 - linting, testing, architecture docs (#1587 )

2026-03-14 21:29:21 +04:00

biome.json

feat(supply-chain): Global Shipping Intelligence — Sprint 0 + Sprint 1 (#2870 )

2026-04-09 17:06:03 +04:00

brief-palette-playground.html

feat(brief): swap sienna rust for two-strength WM mint (Option B palette) (#3178 )

2026-04-18 20:50:16 +04:00

CHANGELOG.md

chore(api): enforce sebuf contract + migrate drifting endpoints (#3207 ) (#3242 )

2026-04-22 09:55:59 +03:00

CODE_OF_CONDUCT.md

docs: add community guidelines (contributing, code of conduct, security) (#226 )

2026-02-22 16:26:13 +02:00

compound-engineering.local.md

feat(finance-panels): add 7 macro/market panels + Daily Brief context (issues #2245-#2253) (#2258 )

2026-03-26 08:03:09 +04:00

CONTRIBUTING.md

fix: add India boundary override from Natural Earth 50m data (#1796 )

2026-03-19 02:40:05 +04:00

DEPLOYMENT-PLAN.md

feat(auth): integrate clerk.dev (#1812 )

2026-03-26 13:47:22 +02:00

docker-compose.yml

Revert "feat: seed orchestrator with auto-seeding, persistence, and managemen…" (#2060 )

2026-03-22 19:59:42 +04:00

Dockerfile

Revert "feat: seed orchestrator with auto-seeding, persistence, and managemen…" (#2060 )

2026-03-22 19:59:42 +04:00

Dockerfile.digest-notifications

feat(brief): route whyMatters through internal analyst-context endpoint (#3248 )

2026-04-21 14:03:27 +04:00

Dockerfile.relay

fix(relay): COPY missing _seed-envelope-source + _seed-contract — chokepointFlows stale 32h (#3132 )

2026-04-16 17:28:16 +04:00

Dockerfile.seed-bundle-portwatch-port-activity

feat(portwatch): split port-activity into standalone Railway cron + restore per-country shape (#3231 )

2026-04-20 15:21:43 +04:00

Dockerfile.seed-bundle-resilience-validation

fix(resilience): ship full scripts/ tree in validation Docker image (#3054 )

2026-04-13 15:43:55 +04:00

index.html

fix(csp): allow Stripe 3D Secure frames + consolidate Dodo CSP entries (#2806 )

2026-04-07 23:47:27 +04:00

LICENSE

chore: switch license to AGPL-3.0, externalize Sentry DSN

2026-02-19 07:24:47 +04:00

live-channels.html

feat(live): custom channel management with review fixes (#282 )

2026-02-23 22:51:44 +00:00

Makefile

feat(advisories): gold standard migration for security advisories (#1637 )

2026-03-15 11:54:08 +04:00

middleware.ts

fix(brief): unblock whyMatters analyst endpoint (middleware 403) + DIGEST_ONLY_USER filter (#3255 )

2026-04-21 19:41:58 +04:00

nixpacks.toml

fix(railway): tolerate Ubuntu apt mirror failures in NIXPACKS + Dockerfile builds (#3142 )

2026-04-17 08:35:20 +04:00

package-lock.json

fix(brief): switch carousel to @vercel/og on edge runtime (#3210 )

2026-04-19 15:18:12 +04:00

package.json

chore(api): enforce sebuf contract + migrate drifting endpoints (#3207 ) (#3242 )

2026-04-22 09:55:59 +03:00

playwright.config.ts

test: add coverage for finance/trending/reload and stabilize map harness

2026-02-17 19:22:55 +04:00

README.md

docs(marketing): bump source-count claims from 435+ to 500+ (#3241 )

2026-04-20 22:39:42 +04:00

SECURITY.md

security: harden IPC, gate DevTools, isolate external windows, exempt /api/version (#348 )

2026-02-25 06:14:16 +00:00

SELF_HOSTING.md

feat: self-hosted Docker stack (#1521 )

2026-03-19 12:07:20 +04:00

settings.html

docs: expand AGPL-3.0 license section in README (#1143 )

2026-03-06 23:47:04 +04:00

tsconfig.api.json

fix(resilience): satisfy release gate validation (#2686 )

2026-04-04 19:31:02 +04:00

tsconfig.json

Add missing layers to DeckGLMap for feature parity with D3 Map

2026-01-25 07:21:33 +00:00

vercel.json

fix(brief): switch carousel to @vercel/og on edge runtime (#3210 )

2026-04-19 15:18:12 +04:00

vite.config.ts

chore(api): enforce sebuf contract + migrate drifting endpoints (#3207 ) (#3242 )

2026-04-22 09:55:59 +03:00

vitest.config.mts

feat: Dodo Payments integration + entitlement engine & webhook pipeline (#2024 )

2026-04-03 00:25:18 +04:00

README.md

World Monitor

Real-time global intelligence dashboard — AI-powered news aggregation, geopolitical monitoring, and infrastructure tracking in a unified situational awareness interface.

Documentation · Releases · Contributing

What It Does

500+ curated news feeds across 15 categories, AI-synthesized into briefs
Dual map engine — 3D globe (globe.gl) and WebGL flat map (deck.gl) with 45 data layers
Cross-stream correlation — military, economic, disaster, and escalation signal convergence
Country Intelligence Index — composite risk scoring across 12 signal categories
Finance radar — 92 stock exchanges, commodities, crypto, and 7-signal market composite
Local AI — run everything with Ollama, no API keys required
5 site variants from a single codebase (world, tech, finance, commodity, happy)
Native desktop app (Tauri 2) for macOS, Windows, and Linux
21 languages with native-language feeds and RTL support

For the full feature list, architecture, data sources, and algorithms, see the documentation.

Quick Start

git clone https://github.com/koala73/worldmonitor.git
cd worldmonitor
npm install
npm run dev

Open localhost:5173. No environment variables required for basic operation.

For variant-specific development:

npm run dev:tech       # tech.worldmonitor.app
npm run dev:finance    # finance.worldmonitor.app
npm run dev:commodity  # commodity.worldmonitor.app
npm run dev:happy      # happy.worldmonitor.app

See the self-hosting guide for deployment options (Vercel, Docker, static).

Tech Stack

Category	Technologies
Frontend	Vanilla TypeScript, Vite, globe.gl + Three.js, deck.gl + MapLibre GL
Desktop	Tauri 2 (Rust) with Node.js sidecar
AI/ML	Ollama / Groq / OpenRouter, Transformers.js (browser-side)
API Contracts	Protocol Buffers (92 protos, 22 services), sebuf HTTP annotations
Deployment	Vercel Edge Functions (60+), Railway relay, Tauri, PWA
Caching	Redis (Upstash), 3-tier cache, CDN, service worker

Full stack details in the architecture docs.

Flight Data

Flight data provided gracefully by Wingbits, the most advanced ADS-B flight data solution.

Data Sources

WorldMonitor aggregates 65+ external data sources across geopolitics, finance, energy, climate, aviation, cyber, military, infrastructure, and news intelligence. See the full data sources catalog for providers, feed tiers, and collection methods.

Contributing

Contributions welcome! See CONTRIBUTING.md for guidelines.

npm run typecheck        # Type checking
npm run build:full       # Production build

License

AGPL-3.0 for non-commercial use. Commercial license required for any commercial use.

Use Case	Allowed?
Personal / research / educational	Yes
Self-hosted (non-commercial)	Yes, with attribution
Fork and modify (non-commercial)	Yes, share source under AGPL-3.0
Commercial use / SaaS / rebranding	Requires commercial license

See LICENSE for full terms. For commercial licensing, contact the maintainer.

Author

Elie Habib — GitHub

Contributors

Security Acknowledgments

We thank the following researchers for responsibly disclosing security issues:

Cody Richard — Disclosed three security findings covering IPC command exposure, renderer-to-sidecar trust boundary analysis, and fetch patch credential injection architecture (2026)

See our Security Policy for responsible disclosure guidelines.

worldmonitor.app · docs.worldmonitor.app · finance.worldmonitor.app · commodity.worldmonitor.app

Star History

Languages

TypeScript 49.1%

JavaScript 47%

CSS 2.9%

HTML 0.4%

Rust 0.3%

Other 0.1%