Skip to main content

Data Layers

Real-Time Data Layers

Intelligence Feeds

Telegram OSINT Intelligence Feed

56 enabled channels in the default full Telegram channel set provide a raw, low-latency intelligence feed covering conflict zones, OSINT analysis, and breaking news — sources that are often minutes ahead of traditional wire services during fast-moving events.
TierEnabled channels in full set
Tier 13
Tier 223
Tier 330
The channel set intentionally includes official, state-affiliated, partisan, and belligerent-party channels — for example military, ministry, state-media, and faction-aligned sources alongside independent OSINT accounts. Telegram posts are ingested as raw OSINT leads, not endorsed truth. The Telegram channel config carries operational tier, topic, and region metadata for polling and filtering; unlike RSS feeds, Telegram channels do not currently carry the RSS stateAffiliation or propaganda-risk fields, so source-bias review must use the disclosed channel identity plus the operational tier rather than RSS-style affiliation tags. Architecture: A GramJS MTProto client running on the Railway relay polls all channels sequentially on a 60-second cycle. Each channel has a 15-second timeout (GramJS getEntity/getMessages can hang indefinitely on FLOOD_WAIT or MTProto stalls), and the entire cycle has a 3-minute hard timeout. A stuck-poll guard force-clears the mutex after 3.5 minutes, and FLOOD_WAIT errors from Telegram’s API stop the cycle early rather than propagating to every remaining channel. Messages are deduplicated by ID, filtered to exclude media-only posts (images without text), truncated to 800 characters, and stored in a rolling 200-item buffer. The relay connects with a 60-second startup delay to prevent AUTH_KEY_DUPLICATED errors during Railway container restarts (the old container must fully disconnect before the new one authenticates). Topic classification (breaking, conflict, alerts, osint, politics, middleeast) and channel-based filtering happen at query time via the /telegram/feed relay endpoint.

OREF Rocket Alert Integration

The dashboard monitors Israel’s Home Front Command (Pikud HaOref) alert system for incoming rocket, missile, and drone sirens — a real-time signal that is difficult to obtain programmatically due to Akamai WAF protection. Data flow: The Railway relay polls oref.org.il using curl (not Node.js fetch, which is JA3-blocked) through a residential proxy with an Israeli exit IP. On startup, the relay bootstraps history via a two-phase strategy: Phase 1 loads from Redis (filtering entries older than 7 days); if Redis is empty, Phase 2 fetches from the upstream OREF API with exponential backoff retry (up to 3 attempts, delays of 3s/6s/12s + jitter). Alert history is persisted to Redis with dirty-flag deduplication to prevent redundant writes. Live alerts are polled every 5 minutes. Wave detection groups individual siren records by timestamp to identify distinct attack waves. Israel-local timestamps are converted to UTC with DST-aware offset calculation. 1,480 Hebrew→English location translations — an auto-generated dictionary (from the pikud-haoref-api cities.json source) enables automatic translation of Hebrew city names in alert data. Unicode bidirectional control characters are stripped via sanitizeHebrew() before translation lookups to prevent mismatches. CII integration: Active OREF alerts boost Israel’s CII conflict component by up to 50 points (25 + min(25, alertCount × 5)). Rolling 24-hour history adds a secondary boost: 3–9 alerts in the window contribute +5, 10+ contribute +10 to the blended score. This means a sustained multi-wave rocket barrage drives Israel’s CII significantly higher than a single isolated alert.

GPS/GNSS Interference Detection

GPS jamming and spoofing — increasingly used as electronic warfare in conflict zones — is detected by analyzing ADS-B transponder data from aircraft that report GPS anomalies. Data is sourced from gpsjam.org, which aggregates ADS-B Exchange data into H3 resolution-4 hexagonal grid cells. Classification: Each H3 cell reports the ratio of aircraft with GPS anomalies vs. total aircraft. Cells with fewer than 3 aircraft are excluded as statistically noisy. The remaining cells are classified:
Interference LevelBad Aircraft %Map Color
Low0–2%Hidden
Medium2–10%Amber
High> 10%Red
Region tagging: Each hex cell is tagged to one of 12 named conflict regions via bounding-box classification (Iran-Iraq, Levant, Ukraine-Russia, Baltic, Mediterranean, Black Sea, Arctic, Caucasus, Central Asia, Horn of Africa, Korean Peninsula, South China Sea) for filtered region views. CII integration: ingestGpsJammingForCII maps each H3 hex centroid to a country via the local geometry service, then accumulates per-country interference counts. In the CII security component, GPS jamming contributes up to 35 points: min(35, highCount × 5 + mediumCount × 2).

Security Advisory Aggregation

Government travel advisories serve as expert risk assessments from national intelligence agencies — when the US State Department issues a “Do Not Travel” advisory, it reflects classified threat intelligence that no open-source algorithm can replicate. Sources: 3 government advisory feeds (US State Dept, Australia DFAT Smartraveller, UK FCDO), 13 US Embassy country-specific alert feeds (Thailand, UAE, Germany, Ukraine, Mexico, India, Pakistan, Colombia, Poland, Bangladesh, Italy, Dominican Republic, Myanmar), and health agency feeds (CDC Travel Notices, ECDC epidemiological updates, WHO News, WHO Africa Emergencies). Advisory levels (ranked): Do-Not-Travel (4) → Reconsider Travel (3) → Exercise Caution (2) → Normal (1) → Info (0). Both RSS (item) and Atom (entry) formats are parsed. Country extraction uses a 265-entry country name map (generated from GeoJSON + aliases) for accurate matching of compound names and alternative spellings. Architecture: Advisories follow the gold standard pattern. A Railway cron seed (seed-security-advisories.mjs) fetches all 24 feeds hourly via the relay RSS proxy, deduplicates by title, builds a byCountry risk-level map, and writes to Redis. The Vercel ListSecurityAdvisories RPC reads Redis only (no external calls). Bootstrap hydration provides instant advisory data on page load. CII integration — the server-side CII scorer reads the seeded advisory byCountry level when available and otherwise may use an embedded State Department fallback table for selected countries. Each emitted CiiScore exposes advisoryLevel and advisoryProvenance (live, fallback, or absent) so downstream users can tell whether the score used the live feed, fallback table, or no advisory input. Advisories feed into instability scores through two mechanisms:
  • Score boost: Do-Not-Travel → +15 points, Reconsider → +10, Caution → +5. The server scorer uses the live byCountry level when present; if live data is missing for selected Tier-1 countries, it falls back to the published CII advisory table rather than adding a separate multi-source agreement boost.
  • Score floor: Do-Not-Travel forces a minimum CII score of 60; Reconsider forces minimum 50. This prevents a country with low event data but active or curated advisory risk from showing an artificially calm score.
CII advisory fallback: The score-shifting fallback table is intentionally small and versioned with the CII methodology. It currently covers AF, MM, SY, UA, and YE as Do-Not-Travel; CU, IL, IQ, IR, LB, MX, PK, and VE as Reconsider; and RU and TR as Caution. Live advisory feed values override the fallback for the same country. See CII Risk Scoring Methodology for the rationale and per-country score effects. The Security Advisories panel displays advisories with colored level badges and source country flags, filterable by severity (Critical, All) and issuing source group (US, AU, UK, Health).

Airport Delay & NOTAM Monitoring

111 airports across 5 regions (Americas, Europe, Asia-Pacific, MENA, Africa) are continuously monitored for delays, ground stops, and closures through three independent data sources:
SourceCoverageMethod
FAA ASWS14 US hub airportsReal-time XML feed from nasstatus.faa.gov — ground delays, ground stops, arrival/departure delays, closures
AviationStack40 international airportsLast 100 flights per airport — cancellation rate and average delay duration computed from flight records
ICAO NOTAM API46 MENA airportsReal-time NOTAM (Notice to Air Missions) query for active airport/airspace closures
NOTAM closure detection targets MENA airports where airspace closures due to military activity or security events carry strategic significance. Detection uses two methods: ICAO Q-code matching (aerodrome/airspace closure codes FA, AH, AL, AW, AC, AM combined with closure qualifiers LC, AS, AU, XX, AW) and free-text regex scanning for closure keywords (AD CLSD, AIRPORT CLOSED, AIRSPACE CLOSED). When a NOTAM closure is detected, it overrides any existing delay alert for that airport with a severe/closure classification. Severity thresholds: Average delay ≥15min or ≥15% delayed flights = minor; ≥30min/30% = moderate; ≥45min/45% = major; ≥60min/60% = severe. Cancellation rate ≥80% with ≥10 flights = closure. All results are cached for 30 minutes in Redis. When no AviationStack API key is configured, the system generates probabilistic simulated delays for demonstration — rush-hour windows and high-traffic airports receive higher delay probability.

Aviation Intelligence Panel

The Airline Intel panel provides a comprehensive 6-tab aviation monitoring interface covering operations, flights, carriers, tracking, news, and pricing:
TabDataSource
OpsDelay percentages, cancellation rates, NOTAM closures, ground stopsFAA ASWS, AviationStack, ICAO
FlightsSpecific flight status with scheduled vs estimated times, divert/cancel flagsAviationStack flight lookup
AirlinesPer-carrier statistics at monitored airports (delay %, cancellation rate, flight count)AviationStack carrier ops
TrackingLive ADS-B aircraft positions with altitude, ground speed, heading, on-ground statusOpenSky / Wingbits
News20+ recent aviation news items with entity matching (airlines, airports, aircraft types)RSS feeds tagged aviation
PricesMulti-carrier price quotes with cabin selection (Economy/Business), currency conversion, non-stop filtersTravelpayouts cached data
Aviation watchlist — users customize a personal list of airports (IATA codes), airlines, and routes persisted to localStorage as aviation:watchlist:v1. The default watchlist includes IST, ESB, SAW, LHR, FRA, CDG airports and TK airline, reflecting common monitoring needs. The watchlist drives which airports appear in the Ops tab and which carriers are tracked in the Airlines tab. Delay severity is classified across five levels — normal, minor, moderate, major, severe — with each alert carrying a severity source (FAA, Eurocontrol, or computed from flight data). The panel auto-refreshes on a 5-minute polling cycle with a live indicator badge, and uses a SmartPollLoop with adaptive backoff on failures.

Cyber & Natural Events

Cyber Threat Intelligence Layer

Six threat intelligence feeds provide indicators of compromise (IOCs) for active command-and-control servers, malware distribution hosts, phishing campaigns, malicious URLs, and ransomware operations:
FeedIOC TypeCoverage
Feodo Tracker (abuse.ch)C2 serversBotnet C&C infrastructure
URLhaus (abuse.ch)Malware hostsMalware distribution URLs
C2IntelFeedsC2 serversCommunity-sourced C2 indicators
AlienVault OTXMixedOpen threat exchange pulse IOCs
AbuseIPDBMalicious IPsCrowd-sourced abuse reports
Ransomware.liveRansomwareActive ransomware group feeds
Each IP-based IOC is geo-enriched using ipinfo.io with freeipapi.com as fallback. Geolocation results are Redis-cached for 24 hours. Enrichment runs concurrently — 16 parallel lookups with a 12-second timeout, processing up to 250 IPs per collection run. IOCs are classified into four types (c2_server, malware_host, phishing, malicious_url) with four severity levels, rendered as color-coded scatter dots on the globe. The layer uses a 10-minute cache, a 14-day rolling window, and caps display at 500 IOCs to maintain rendering performance.

Natural Disaster Monitoring

Three independent sources are merged into a unified disaster picture, then deduplicated on a 0.1° geographic grid:
SourceCoverageTypesUpdate Frequency
USGSGlobal earthquakes M4.5+Earthquakes5 minutes
GDACSUN-coordinated disaster alertsEarthquakes, floods, cyclones, volcanoes, wildfires, droughtsReal-time
NASA EONETEarth observation events13 natural event categories (30-day open events)Real-time
GDACS events carry color-coded alert levels (Red = critical, Orange = high) and are filtered to exclude low-severity Green alerts. EONET wildfires are filtered to events within 48 hours to prevent stale data. Earthquakes from EONET are excluded since USGS provides higher-quality seismological data. The merged output feeds into the signal aggregator for geographic convergence detection — e.g., an earthquake near a pipeline triggers an infrastructure cascade alert.

Dual-Source Protest Tracking

Protest data is sourced from two independent providers to reduce single-source bias:
  1. ACLED (Armed Conflict Location & Event Data) — 30-day window, tokenized API with Redis caching (10-minute TTL). Covers protests, riots, strikes, and demonstrations with actor attribution and fatality counts.
  2. GDELT (Global Database of Events, Language, and Tone) — 7-day geospatial event feed filtered to protest keywords. Events with mention count ≥5 are included; those above 30 are marked as validated.
Events from both sources are Haversine-deduplicated on a 0.1° grid (~10km) with same-day matching. ACLED events take priority due to higher editorial confidence. Severity is classified as:
  • High — fatalities present or riot/clash keywords
  • Medium — standard protest/demonstration
  • Low — default
Protest scoring is regime-aware: democratic countries use logarithmic scaling (routine protests don’t trigger instability), while authoritarian states use linear scoring (every protest is significant). Fatalities and concurrent internet outages apply severity boosts. ACLED is authenticated: set either ACLED_EMAIL + ACLED_PASSWORD (OAuth, auto-refreshed) or a static ACLED_ACCESS_TOKEN on the API project. When ACLED auth is absent the fetch degrades gracefully to an empty result — but ACLED is also the real-time conflict source for the Country Instability Index, so without it CII conflict scoring falls back to UCDP alone. Since UCDP GED ships as lagging annual releases, that fallback can leave no conflict events inside the CII 2-year recency window, which /api/health.riskScores reports as COVERAGE_PARTIAL (cyber and news families still cover, so the metric reads 2 of 3). The get-risk-scores RPC logs a [CII] ACLED returned 0 events warning when this happens.

Climate Anomaly Detection

15 conflict-prone and disaster-prone zones are continuously monitored for temperature and precipitation anomalies using Open-Meteo ERA5 reanalysis data. A 30-day baseline is computed, and current conditions are compared against it to determine severity:
SeverityTemperature DeviationPrecipitation Deviation
Extreme> 5°C above baseline> 80mm/day above baseline
Moderate> 3°C above baseline> 40mm/day above baseline
NormalWithin expected rangeWithin expected range
Anomalies feed into the signal aggregator, where they amplify CII scores for affected countries (climate stress is a recognized conflict accelerant). The Climate Anomaly panel surfaces these deviations in a severity-sorted list.

Displacement Tracking

Refugee and displacement data is sourced from the UN OCHA Humanitarian API (HAPI), providing population-level counts for refugees, asylum seekers, and internally displaced persons (IDPs). The Displacement panel offers two perspectives:
  • Origins — countries people are fleeing from, ranked by outflow volume
  • Hosts — countries absorbing displaced populations, ranked by intake
Crisis badges flag countries with extreme displacement: > 1 million displaced (red), > 500,000 (orange). Displacement outflow feeds into the CII as a component signal — high displacement is a lagging indicator of instability that persists even when headlines move on.

Population Exposure Estimation

Population exposure estimation calculates affected populations within event-specific radii. See Algorithms - Population Exposure for the full methodology.

Infrastructure Monitoring

Strategic Port Infrastructure

62 strategic ports are cataloged across six types, reflecting their role in global trade and military posture:
TypeCountExamples
Container21Shanghai (#1, 47M+ TEU), Singapore, Ningbo, Shenzhen
Oil/LNG8Ras Tanura (Saudi), Sabine Pass (US), Fujairah (UAE)
Chokepoint9Suez Canal, Panama Canal, Strait of Malacca, Gibraltar, Bosphorus, Dardanelles
Naval6Zhanjiang, Yulin (China), Vladivostok (Russia)
Mixed15+Ports serving multiple roles (trade + military)
Bulk20+Regional commodity ports
Ports are ranked by throughput and weighted by strategic importance in the infrastructure cascade model: oil/LNG terminals carry 0.9 criticality, container ports 0.7, and naval bases 0.4. Port proximity appears in the Country Brief infrastructure exposure section.

Live Webcam Surveillance Grid

22 YouTube live streams from geopolitical hotspots across 5 regions provide continuous visual situational awareness:
RegionCities
Iran / AttacksTehran, Tel Aviv, Jerusalem (Western Wall)
Middle EastJerusalem (Western Wall), Tehran, Tel Aviv, Mecca (Grand Mosque)
EuropeKyiv, Odessa, Paris, St. Petersburg, London
AmericasWashington DC, New York, Los Angeles, Miami
Asia-PacificTaipei, Shanghai, Tokyo, Seoul, Sydney
The webcam panel supports two viewing modes: a 4-feed grid (default strategic selection: Jerusalem, Tehran, Kyiv, Washington DC) and a single-feed expanded view. Region tabs (ALL/IRAN/MIDEAST/EUROPE/AMERICAS/ASIA) filter the available feeds. The Iran/Attacks tab provides a dedicated 2×2 grid for real-time visual monitoring during escalation events between Iran and Israel. Resource management is aggressive — iframes are lazy-loaded via Intersection Observer (only rendered when the panel scrolls into view), paused after 5 minutes of user inactivity, and destroyed from the DOM entirely when the browser tab is hidden. On Tauri desktop, YouTube embeds route through a cloud proxy to bypass WKWebView autoplay restrictions. Each feed carries a fallback video ID in case the primary stream goes offline.

Server-Side Aggregation

Server-Side Feed Aggregation

Rather than each client browser independently fetching dozens of RSS feeds through individual edge function invocations, the listFeedDigest RPC endpoint aggregates all feeds server-side into a single categorized response. The public server digest feed inventory below is source-backed from server/worldmonitor/news/v1/_feeds.ts; that code file remains the source of truth for exact URLs, Google News query wrappers, and locale-specific URL parameters. Feed choices are intentionally visible here so regional coverage, official-source inclusion, and politically sensitive inclusions such as Trump - Truth Social can be reviewed rather than hidden behind a generic “RSS” label. Language-scoped feeds are marked with their language code and are only included when the request language matches. The full variant also appends INTEL_SOURCES under the intel category.
VariantCategoryServer feed sources
fullpoliticsBBC World; Guardian World; AP News; Reuters World; CNN World; Trump - Truth Social
fullusReuters US; NPR News; PBS NewsHour; ABC News; CBS News; NBC News; Wall Street Journal; Politico; The Hill; Axios
fulleuropeFrance 24; EuroNews; Le Monde; DW News; Tagesschau (de); ANSA (it); NOS Nieuws (nl); SVT Nyheter (sv); Telex (hu); Index.hu (hu); HVG (hu); 444.hu (hu); 24.hu (hu); Híradó (hu); Portfolio.hu (hu); ATV (hu); N1 Croatia (hr); Index.hr (hr); Jutarnji list (hr); Balkan Insight
fullmiddleeastBBC Middle East; Al Jazeera; Guardian ME; Oman Observer; BBC Persian (fa); The National
fulltechHacker News; Ars Technica; The Verge; MIT Tech Review
fullaiAI News; VentureBeat AI; The Verge AI; MIT Tech Review; ArXiv AI
fullfinanceCNBC; MarketWatch; Yahoo Finance; Financial Times; Reuters Business
fullgovWhite House; White House Actions; State Dept; Pentagon; Federal Reserve; SEC; UN News; CISA; Treasury; DOJ
fullafricaBBC Africa; News24; Africanews; Jeune Afrique (fr); Premium Times
fulllatamBBC Latin America; Guardian Americas; Primicias (es); Infobae Americas (es); El Universo (es); Clarín (es); InSight Crime
fullasiaBBC Asia; The Diplomat; Nikkei Asia; CNA; NDTV; South China Morning Post; The Hindu; Asia News; BBC Hindi (hi); Aaj Tak (hi); NDTV India (hi); Amar Ujala (hi)
fullenergyOil & Gas; Reuters Energy; Nuclear Energy
fullthinktanksForeign Policy; Atlantic Council; Foreign Affairs; War on the Rocks; CSIS
fullcrisisCrisisWatch; IAEA; WHO
fulllayoffsLayoffs.fyi; TechCrunch Layoffs; Layoffs News
fullintelDefense One; The War Zone; Defense News; Military Times; Task & Purpose; USNI News; gCaptain; Oryx OSINT; Foreign Policy; Foreign Affairs; Atlantic Council; Bellingcat; Krebs Security; Arms Control Assn; Bulletin of Atomic Scientists; FAO News; OCCRP; DFRLab; Lighthouse Reports; The Sentry; GITOC; VSquare; Correctiv
techtechTechCrunch; The Verge; Ars Technica; Hacker News
techaiAI News; VentureBeat AI; The Verge AI; ArXiv AI
techstartupsTechCrunch Startups; VentureBeat; Crunchbase News
techvcblogsY Combinator Blog; a16z Blog; First Round Review; Sequoia Blog; Stratechery
techregionalStartupsEU Startups; Tech.eu; Sifted (Europe); Tech in Asia; TechCabal (Africa); Inc42 (India)
techunicornsUnicorn News; Decacorn News
techacceleratorsYC News; YC Blog; Demo Day News
techsecurityKrebs Security; Dark Reading
techpolicyPolitico Tech; AI Regulation; Tech Antitrust
techgithubGitHub Blog
techfundingVC News
techcloudInfoQ; The New Stack
techlayoffsLayoffs.fyi; TechCrunch Layoffs
techfinanceCNBC Tech; Yahoo Finance
techdevDev.to; Lobsters; Changelog; Show HN
techipoIPO News; Tech IPO News
techproducthuntProduct Hunt
techhardwareTom’s Hardware; SemiAnalysis; Semiconductor News
techoutagesAWS Status; Cloud Outages
financemarketsCNBC; Yahoo Finance; Seeking Alpha
financeforexForex News
financebondsBond Market
financecommoditiesOil & Gas; Gold & Metals
financecryptoCoinDesk; Cointelegraph; The Block; Decrypt; The Defiant; Bitcoin Magazine; DL News; CryptoSlate; Unchained; DeFi News; Bloomberg Crypto; Reuters Crypto; Wu Blockchain; Messari; NFT News; Stablecoin Policy
financecentralbanksFederal Reserve
financeeconomicEconomic Data
financeipoIPO News
financederivativesOptions Market; Futures Trading
financefintechFintech News; Trading Tech; Blockchain Finance
financefin-regulationSEC; Financial Regulation; Banking Rules; Crypto Regulation
financeinstitutionalHedge Fund News; Private Equity; Sovereign Wealth
financeanalysisMarket Outlook; Risk & Volatility; Bank Research
financegccNewsArabian Business; The National; Arab News; Gulf FDI; Gulf Investments; Vision 2030
commoditycommodity-newsKitco News; Mining.com; Bloomberg Commodities; Reuters Commodities; S&P Global Commodity; CNBC Commodities
commoditygold-silverKitco Gold; Gold Price News; Silver Price News; Precious Metals; World Gold Council
commodityenergyOilPrice.com; Rigzone; EIA Reports; OPEC News; Natural Gas News; Energy Intel; Reuters Energy
commoditymining-newsMining Journal; Northern Miner; Mining Weekly; Mining Technology; Australian Mining; Mine Web (SNL); Resource World
commoditycritical-mineralsBenchmark Mineral; Lithium Market; Cobalt Market; Rare Earths News; EV Battery Supply; IEA Critical Minerals; Uranium Market
commoditybase-metalsLME Metals; Copper Market; Nickel News; Aluminum & Zinc; Iron Ore Market; Metals Bulletin
commoditymining-companiesBHP News; Rio Tinto News; Glencore & Vale; Gold Majors; Freeport & Copper Miners; Critical Mineral Companies
commoditysupply-chainShipping & Freight; Trade Routes; China Commodity Imports; Port & Logistics
commoditycommodity-regulationMining Regulation; ESG in Mining; Trade & Tariffs; Indonesia Nickel Policy; China Mineral Policy
commoditymarketsYahoo Finance Commodities; CNBC Markets; Seeking Alpha Metals; Commodity Futures
commodityfinanceCNBC; MarketWatch; Yahoo Finance; Financial Times; Reuters Business
happypositiveGood News Network; Positive.News; Reasons to be Cheerful; Optimist Daily
happyscienceScienceDaily; Nature News; Singularity Hub; Human Progress
happynatureMongabay; Conservation Optimism
happyinspiringGNN Heroes; GNN Health
happycommunityYes! Magazine; Shareable
Architecture: 
Client (1 RPC call) → listFeedDigest → Redis check (digest:v1:{variant}:{lang})

                                    ┌─────────┴─── HIT → return cached digest

                                    ▼ MISS
                           ┌─────────────────────────┐
                           │  buildDigest()           │
                           │  20 concurrent fetches   │
                           │  8s per-feed timeout     │
                           │  25s overall deadline    │
                           └────────┬────────────────┘

                              ┌─────┴─────┐
                              │ Per-feed   │ ← healthy 3600s, empty/failed 300s
                              │ Redis      │
                              └─────┬─────┘


                           ┌─────────────────────────┐
                           │  Categorized digest      │
                           │  Cached 900s (15 min)    │
                           │  Per-item keyword class.  │
                           └─────────────────────────┘
The digest cache key is news:digest:v1:{variant}:{lang} with a 900-second TTL. Individual feed results are separately cached per URL: healthy parsed feeds use 3600 seconds, while empty or failed zero-item parses use 300 seconds so transient blocks are retried sooner. Items per feed are capped at 5, categories at 20 items each. XML parsing is edge-runtime-compatible (regex-based, no DOM parser), handling both RSS item and Atom entry formats. Each item is keyword-classified at aggregation time. An in-memory fallback cache (capped at 50 entries) provides last-known-good data if Redis fails. This eliminates per-client feed fan-out — 1,000 concurrent users each polling 25 feed categories would have generated 25,000 edge invocations per poll cycle. With server-side aggregation, they generate exactly 1 (or 0 if the digest is cached).

Source Credibility & Feed Tiering

Every RSS feed is assigned a source tier reflecting editorial reliability:
TierDescriptionExamples
Tier 1Wire services, official government sourcesReuters, AP, BBC, DOD
Tier 2Major established outletsCNN, NYT, The Guardian, Al Jazeera
Tier 3Specialized/niche outletsDefense One, Breaking Defense, The War Zone
Tier 4Aggregators and blogsGoogle News, individual analyst blogs
Feeds also carry a propaganda risk rating and state affiliation flag. State-affiliated sources (RT, Xinhua, IRNA) are included for completeness but visually tagged so analysts can factor in editorial bias. Threat classification confidence is weighted by source tier — a Tier 1 breaking alert carries more weight than a Tier 4 blog post in the focal point detection algorithm.

Data Freshness & Intelligence Gaps

Data Freshness & Intelligence Gaps

A singleton tracker monitors 35 data sources (GDELT, GDELT Doc, RSS, AIS, OpenSky, Wingbits, USGS, weather, outages, ACLED, ACLED conflict, Polymarket, predictions, PizzINT, economic, oil, spending, NASA FIRMS, cyber threats, UCDP, UCDP events, HAPI, UNHCR, climate, WorldPop, giving, BIS, BLS, WTO trade, supply chain, security advisories, sanctions pressure, radiation, GPS jamming, Treasury revenue) with status categorization: fresh (<15 min), stale (2h), very_stale (6h), no_data, error, disabled. Two browser-tracker sources (GDELT, RSS) are flagged as requiredForRisk; that flag drives the Strategic Risk panel’s hard insufficient-data gate, not the exhaustive list of CII score inputs. Score-relevant feeds such as UCDP events, ACLED conflict, news summaries, and cyber threats are tracked through source-specific health plus /api/health.riskScores signal-density coverage. The tracker explicitly reports intelligence gaps — what analysts can’t see — preventing false confidence when critical data sources are down or degraded.

Prediction Markets

Prediction Markets as Leading Indicators

Polymarket geopolitical markets are queried using tag-based filters (Ukraine, Iran, China, Taiwan, etc.) with 5-minute caching. Market probability shifts are correlated with news volume: if a prediction market moves significantly before matching news arrives, this is flagged as a potential early-warning signal. 4-tier fetch strategy — prediction markets use a cascading fetch chain to maximize data availability:
  1. Bootstrap hydration — zero-network, page-load-embedded data from the Redis-cached predictions key. If fresh (<20 min), the panel renders instantly without any API call
  2. Sebuf RPCPOST /api/prediction/v1/list-prediction-markets queries Redis for the seed-script-maintained cache. Single request, sub-100ms cold start
  3. Browser-direct Polymarket — the browser fetches Polymarket’s Gamma API directly, bypassing JA3 fingerprinting (browser TLS passes Cloudflare)
  4. Sidecar native TLS — on Tauri desktop, Rust’s reqwest TLS fingerprint differs from Node.js, providing another bypass vector
Country-specific marketsfetchCountryMarkets(country) maps 40+ countries to Polymarket tag variants (e.g., “Russia” matches [“russia”, “russian”, “moscow”, “kremlin”, “putin”]), enabling the Country Brief to display prediction contracts relevant to any nation. Smart filtering — markets are ranked by 24h trading volume, filtered to exclude sports and entertainment (100+ exclusion keywords: NBA, NFL, Oscar, Grammy, etc.), and require meaningful price divergence from 50% or volume above $50K to suppress noise. Each variant gets different tag sets — geopolitical queries politics/world/ukraine/middle-east tags, tech queries ai/crypto/business tags. Cloudflare JA3 bypass — Polymarket’s API is protected by Cloudflare TLS fingerprinting (JA3) that blocks all server-side requests. The system uses a 3-tier fallback:
TierMethodWhen It Works
1Browser-direct fetchAlways (browser TLS passes Cloudflare)
2Tauri native TLS (reqwest)Desktop app (Rust TLS fingerprint differs from Node.js)
3Vercel edge proxyRarely (edge runtime sometimes passes)
Once browser-direct succeeds, the system caches this state and skips fallback tiers on subsequent requests. Country-specific markets are fetched by mapping countries to Polymarket tags with name-variant matching (e.g., “Russia” matches titles containing “Russian”, “Moscow”, “Kremlin”, “Putin”). Markets are filtered to exclude sports and entertainment (100+ exclusion keywords), require meaningful price divergence from 50% or volume above $50K, and are ranked by trading volume. Each variant gets different tag sets — geopolitical focus queries politics/world/ukraine/middle-east tags, while tech focus queries ai/crypto/business tags.

Provider Credits

WorldMonitor is grateful to the following organizations for making their data publicly accessible.

Energy & Commodities

ProviderDataLink
GIE AGSI+EU natural gas storage levelsagsi.gie.eu
U.S. EIACrude oil inventories, fuel prices, energy dataeia.gov/opendata

Finance & Economics

ProviderDataLink
ECB Data PortalFX reference rates, yield curve, ESTR/EURIBOR, financial stress indexdata-api.ecb.europa.eu
EurostatEuro Area CPI, GDP, unemployment, economic indicatorsec.europa.eu/eurostat
FRED — St. Louis FedUS/global interest rates, macroeconomic seriesfred.stlouisfed.org
World Bank Open DataDevelopment indicators, renewable energy, technology readinessdata.worldbank.org
BIS StatisticsCentral bank policy rates, REER, credit-to-GDPstats.bis.org
U.S. BLSUS labor statisticsbls.gov/developers
USA SpendingUS federal spending and contractsapi.usaspending.gov
UN ComtradeGlobal merchandise trade flowscomtradeapi.un.org
CoinGeckoCryptocurrency prices and market datacoingecko.com

Geopolitics & Conflict

ProviderDataLink
ACLEDArmed conflict and protest event dataacleddata.com
UCDPUppsala Conflict Data Program — conflict eventsucdp.uu.se
GDELTGlobal event, language, and tone databasegdeltproject.org
IMF PortWatchChokepoint transit intelligenceportwatch.imf.org

Environment & Disasters

ProviderDataLink
USGS Earthquake HazardsGlobal seismic activityearthquake.usgs.gov
NASA FIRMSNear real-time wildfire/fire detections (VIIRS)firms.modaps.eosdis.nasa.gov
NASA EONETNatural events — storms, volcanoes, floodseonet.gsfc.nasa.gov
GDACSUN-coordinated global disaster alertsgdacs.org
Open-MeteoERA5 reanalysis climate dataopen-meteo.com

Infrastructure & Cyber

ProviderDataLink
Cloudflare RadarInternet outages and traffic anomaliesradar.cloudflare.com
Submarine Cable MapGlobal submarine cable infrastructuresubmarinecablemap.com
AbuseIPDBCrowd-sourced malicious IP reportsabuseipdb.com
CelesTrakSatellite TLE data for orbital trackingcelestrak.org

Aviation

ProviderDataLink
WingbitsLive ADS-B flight datawingbits.com
OpenSky NetworkADS-B flight tracking (fallback)opensky-network.org
FAA ASWSUS airport delay and ground stop datanasstatus.faa.gov
ICAONOTAM airspace closure dataicao.int