mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
def94733a8
* feat(agent-readiness): Agent Skills discovery index (#3310) Closes #3310. Ships the Agent Skills Discovery v0.2.0 manifest at /.well-known/agent-skills/index.json plus two real, useful skills. Skills are grounded in real sebuf proto RPCs: - fetch-country-brief → GetCountryIntelBrief (public). - fetch-resilience-score → GetResilienceScore (Pro / API key). Each SKILL.md documents endpoint, auth, parameters, response shape, worked curl, errors, and when not to use the skill. scripts/build-agent-skills-index.mjs walks every public/.well-known/agent-skills/<name>/SKILL.md, sha256s the bytes, and emits index.json. Wired into prebuild + every variant build so a deploy can never ship an index whose digests disagree with served files. tests/agent-skills-index.test.mjs asserts the index is up-to-date via the script's --check mode and recomputes every sha256 against the on-disk SKILL.md bytes. Discovery wiring: - public/.well-known/api-catalog: new anchor entry with the agent-skills-index rel per RFC 9727 linkset shape. - vercel.json: adds agent-skills-index rel to the homepage + /index.html Link headers; deploy-config required-rels list updated. Canonical URLs use the apex (worldmonitor.app) since #3322 fixed the apex redirect that previously hid .well-known paths. * fix(agent-readiness): correct auth header + harden frontmatter parser (#3310) Addresses review findings on #3310. ## P1 — auth header was wrong in both SKILL.md files The published skills documented `Authorization: Bearer wm_live_...`, but WorldMonitor API keys must be sent in `X-WorldMonitor-Key`. `Authorization: Bearer` is for MCP/OAuth or Clerk JWTs — not raw `wm_live_...` keys. Agents that followed the SKILL.md verbatim would have gotten 401s despite holding valid keys. fetch-country-brief also incorrectly claimed the endpoint was "public"; server-to-server callers without a trusted browser origin are rejected by `validateApiKey`, so agents do need a key there too. Fixed both SKILL.md files to document `X-WorldMonitor-Key` and cross-link docs/usage-auth as the canonical auth matrix. ## P2 — frontmatter parser brittleness The hand-rolled parser used `indexOf('\n---', 4)` as the closing fence, which matched any body line that happened to start with `---`. Swapped for a regex that anchors the fence to its own line, and delegated value parsing to js-yaml (already a project dep) so future catalog growth (quoted colons, typed values, arrays) does not trip new edge cases. Added parser-contract tests that lock in the new semantics: body `---` does not terminate the block, values with colons survive intact, non-mapping frontmatter throws, and no-frontmatter files return an empty mapping. Index.json rebuilt against the updated SKILL.md bytes.
152 lines
8.3 KiB
JSON
152 lines
8.3 KiB
JSON
{
|
|
"name": "world-monitor",
|
|
"private": true,
|
|
"version": "2.6.7",
|
|
"license": "AGPL-3.0-only",
|
|
"type": "module",
|
|
"scripts": {
|
|
"lint": "biome lint ./src ./server ./api ./tests ./e2e ./scripts ./middleware.ts",
|
|
"lint:fix": "biome check ./src ./server ./api ./tests ./e2e ./scripts ./middleware.ts --fix",
|
|
"lint:boundaries": "node scripts/lint-boundaries.mjs",
|
|
"lint:api-contract": "node scripts/enforce-sebuf-api-contract.mjs",
|
|
"lint:rate-limit-policies": "node scripts/enforce-rate-limit-policies.mjs",
|
|
"lint:unicode": "node scripts/check-unicode-safety.mjs",
|
|
"lint:unicode:staged": "node scripts/check-unicode-safety.mjs --staged",
|
|
"lint:md": "markdownlint-cli2 '**/*.md' '!**/node_modules/**' '!.agent/**' '!.agents/**' '!.claude/**' '!.factory/**' '!.windsurf/**' '!skills/**' '!docs/internal/**' '!docs/Docs_To_Review/**' '!todos/**' '!docs/plans/**' '!docs/brainstorms/**' '!docs/ideation/**'",
|
|
"version:sync": "node scripts/sync-desktop-version.mjs",
|
|
"version:check": "node scripts/sync-desktop-version.mjs --check",
|
|
"dev": "vite",
|
|
"dev:tech": "cross-env VITE_VARIANT=tech vite",
|
|
"dev:finance": "cross-env VITE_VARIANT=finance vite",
|
|
"dev:happy": "cross-env VITE_VARIANT=happy vite",
|
|
"dev:commodity": "cross-env VITE_VARIANT=commodity vite",
|
|
"postinstall": "cd blog-site && npm ci --prefer-offline",
|
|
"build:blog": "cd blog-site && npm run build && rm -rf ../public/blog && mkdir -p ../public/blog && cp -r dist/* ../public/blog/",
|
|
"build:pro": "cd pro-test && npm install && npm run build",
|
|
"build:openapi": "node -e \"require('fs').cpSync('docs/api/worldmonitor.openapi.yaml', 'public/openapi.yaml')\"",
|
|
"build:agent-skills": "node scripts/build-agent-skills-index.mjs",
|
|
"prebuild": "npm run build:openapi && npm run build:agent-skills",
|
|
"build": "npm run build:blog && tsc && vite build",
|
|
"build:sidecar-sebuf": "node scripts/build-sidecar-sebuf.mjs",
|
|
"build:desktop": "node scripts/build-sidecar-sebuf.mjs && node scripts/build-sidecar-handlers.mjs && tsc && vite build",
|
|
"build:full": "npm run build:openapi && npm run build:agent-skills && npm run build:blog && cross-env-shell VITE_VARIANT=full \"tsc && vite build\"",
|
|
"build:tech": "npm run build:openapi && npm run build:agent-skills && cross-env-shell VITE_VARIANT=tech \"tsc && vite build\"",
|
|
"build:finance": "npm run build:openapi && npm run build:agent-skills && cross-env-shell VITE_VARIANT=finance \"tsc && vite build\"",
|
|
"build:happy": "npm run build:openapi && npm run build:agent-skills && cross-env-shell VITE_VARIANT=happy \"tsc && vite build\"",
|
|
"build:commodity": "npm run build:openapi && npm run build:agent-skills && cross-env-shell VITE_VARIANT=commodity \"tsc && vite build\"",
|
|
"typecheck": "tsc --noEmit",
|
|
"typecheck:api": "tsc --noEmit -p tsconfig.api.json",
|
|
"typecheck:all": "tsc --noEmit && tsc --noEmit -p tsconfig.api.json",
|
|
"tauri": "tauri",
|
|
"preview": "vite preview",
|
|
"test:e2e:full": "cross-env VITE_VARIANT=full playwright test",
|
|
"test:e2e:tech": "cross-env VITE_VARIANT=tech playwright test",
|
|
"test:e2e:finance": "cross-env VITE_VARIANT=finance playwright test",
|
|
"test:e2e:runtime": "cross-env VITE_VARIANT=full playwright test e2e/runtime-fetch.spec.ts",
|
|
"test:e2e": "npm run test:e2e:runtime && npm run test:e2e:full && npm run test:e2e:tech && npm run test:e2e:finance",
|
|
"test:data": "tsx --test tests/*.test.mjs tests/*.test.mts",
|
|
"test:feeds": "node scripts/validate-rss-feeds.mjs",
|
|
"test:sidecar": "node --test src-tauri/sidecar/local-api-server.test.mjs api/_cors.test.mjs api/youtube/embed.test.mjs api/cyber-threats.test.mjs api/usni-fleet.test.mjs scripts/ais-relay-rss.test.cjs api/loaders-xml-wms-regression.test.mjs",
|
|
"test:e2e:visual:full": "cross-env VITE_VARIANT=full playwright test -g \"matches golden screenshots per layer and zoom\"",
|
|
"test:e2e:visual:tech": "cross-env VITE_VARIANT=tech playwright test -g \"matches golden screenshots per layer and zoom\"",
|
|
"test:e2e:visual": "npm run test:e2e:visual:full && npm run test:e2e:visual:tech",
|
|
"test:e2e:visual:update:full": "cross-env VITE_VARIANT=full playwright test -g \"matches golden screenshots per layer and zoom\" --update-snapshots",
|
|
"test:e2e:visual:update:tech": "cross-env VITE_VARIANT=tech playwright test -g \"matches golden screenshots per layer and zoom\" --update-snapshots",
|
|
"test:e2e:visual:update": "npm run test:e2e:visual:update:full && npm run test:e2e:visual:update:tech",
|
|
"desktop:dev": "npm run version:sync && cross-env VITE_DESKTOP_RUNTIME=1 tauri dev -f devtools",
|
|
"desktop:build:full": "npm run version:sync && cross-env VITE_VARIANT=full VITE_DESKTOP_RUNTIME=1 tauri build",
|
|
"desktop:build:tech": "npm run version:sync && cross-env VITE_VARIANT=tech VITE_DESKTOP_RUNTIME=1 tauri build --config src-tauri/tauri.tech.conf.json",
|
|
"desktop:build:finance": "npm run version:sync && cross-env VITE_VARIANT=finance VITE_DESKTOP_RUNTIME=1 tauri build --config src-tauri/tauri.finance.conf.json",
|
|
"desktop:package:macos:full": "node scripts/desktop-package.mjs --os macos --variant full",
|
|
"desktop:package:macos:tech": "node scripts/desktop-package.mjs --os macos --variant tech",
|
|
"desktop:package:windows:full": "node scripts/desktop-package.mjs --os windows --variant full",
|
|
"desktop:package:windows:tech": "node scripts/desktop-package.mjs --os windows --variant tech",
|
|
"desktop:package:macos:full:sign": "node scripts/desktop-package.mjs --os macos --variant full --sign",
|
|
"desktop:package:macos:tech:sign": "node scripts/desktop-package.mjs --os macos --variant tech --sign",
|
|
"desktop:package:windows:full:sign": "node scripts/desktop-package.mjs --os windows --variant full --sign",
|
|
"desktop:package:windows:tech:sign": "node scripts/desktop-package.mjs --os windows --variant tech --sign",
|
|
"desktop:package": "node scripts/desktop-package.mjs",
|
|
"test:convex": "vitest run --config vitest.config.mts",
|
|
"test:convex:watch": "vitest --config vitest.config.mts"
|
|
},
|
|
"devDependencies": {
|
|
"@biomejs/biome": "^2.4.7",
|
|
"@bufbuild/buf": "^1.66.0",
|
|
"@edge-runtime/vm": "^5.0.0",
|
|
"@playwright/test": "^1.52.0",
|
|
"@tauri-apps/cli": "^2.10.0",
|
|
"@types/canvas-confetti": "^1.9.0",
|
|
"@types/d3": "^7.4.3",
|
|
"@types/dompurify": "^3.0.5",
|
|
"@types/geojson": "^7946.0.14",
|
|
"@types/maplibre-gl": "^1.13.2",
|
|
"@types/marked": "^5.0.2",
|
|
"@types/papaparse": "^5.5.2",
|
|
"@types/supercluster": "^7.1.3",
|
|
"@types/three": "^0.183.1",
|
|
"@types/topojson-client": "^3.1.5",
|
|
"@types/topojson-specification": "^1.0.5",
|
|
"convex-test": "^0.0.43",
|
|
"cross-env": "^10.1.0",
|
|
"esbuild": "^0.27.3",
|
|
"exceljs": "^4.4.0",
|
|
"h3-js": "^4.4.0",
|
|
"markdownlint-cli2": "^0.21.0",
|
|
"tsx": "^4.21.0",
|
|
"typescript": "^5.7.2",
|
|
"vite": "^6.0.7",
|
|
"vite-plugin-pwa": "^1.2.0",
|
|
"vitest": "^4.1.0"
|
|
},
|
|
"dependencies": {
|
|
"@anthropic-ai/sdk": "^0.82.0",
|
|
"@aws-sdk/client-s3": "^3.1009.0",
|
|
"@clerk/clerk-js": "^5.56.0",
|
|
"@deck.gl/aggregation-layers": "^9.2.11",
|
|
"@deck.gl/core": "^9.2.11",
|
|
"@deck.gl/geo-layers": "^9.2.11",
|
|
"@deck.gl/layers": "^9.2.11",
|
|
"@deck.gl/mapbox": "^9.2.11",
|
|
"@dodopayments/convex": "^0.2.8",
|
|
"@protomaps/basemaps": "^5.7.1",
|
|
"@sentry/browser": "^10.39.0",
|
|
"@upstash/ratelimit": "^2.0.8",
|
|
"@upstash/redis": "^1.36.1",
|
|
"@vercel/analytics": "^2.0.0",
|
|
"@vercel/og": "^0.11.1",
|
|
"@xenova/transformers": "^2.17.2",
|
|
"canvas-confetti": "^1.9.4",
|
|
"convex": "^1.32.0",
|
|
"d3": "^7.9.0",
|
|
"deck.gl": "^9.2.11",
|
|
"dodopayments-checkout": "^1.8.0",
|
|
"dompurify": "^3.1.7",
|
|
"fast-xml-parser": "^5.3.7",
|
|
"globe.gl": "^2.45.0",
|
|
"hls.js": "^1.6.15",
|
|
"i18next": "^25.8.10",
|
|
"i18next-browser-languagedetector": "^8.2.1",
|
|
"jose": "^6.2.2",
|
|
"maplibre-gl": "^5.16.0",
|
|
"marked": "^17.0.3",
|
|
"onnxruntime-web": "^1.23.2",
|
|
"papaparse": "^5.5.3",
|
|
"pmtiles": "^4.4.0",
|
|
"preact": "^10.25.4",
|
|
"satellite.js": "^6.0.2",
|
|
"supercluster": "^8.0.1",
|
|
"telegram": "^2.26.22",
|
|
"topojson-client": "^3.1.0",
|
|
"uqr": "^0.1.2",
|
|
"ws": "^8.19.0",
|
|
"yaml": "^2.8.3",
|
|
"youtubei.js": "^16.0.1"
|
|
},
|
|
"overrides": {
|
|
"fast-xml-parser": "^5.3.7",
|
|
"serialize-javascript": "^7.0.4",
|
|
"node-forge": "^1.4.0",
|
|
"srvx": "^0.11.13"
|
|
}
|
|
}
|