worldmonitor npm CLI: the MCP server is the live, documented agent surface (tools/list is public; tools/call needs a user API key), and a small REST escape hatch rounds each SDK out for host-relative and self-hosted use.
| Language | Package | Install | Source |
|---|---|---|---|
| Python | worldmonitor-sdk on PyPI | pip install worldmonitor-sdk | sdk/python/ |
| Ruby | worldmonitor on RubyGems | gem install worldmonitor | sdk/ruby/ |
| Go | github.com/koala73/worldmonitor/sdk/go on pkg.go.dev | go get github.com/koala73/worldmonitor/sdk/go | sdk/go/ |
| JavaScript / CLI | worldmonitor on npm | npm install worldmonitor | cli/ |
worldmonitor.app — that is how you (or your agent) verify it is the official SDK and not a look-alike.
Shared design
All four clients expose the same surface with language-native naming:- Any MCP tool —
call_tool/CallToolwith named arguments; the result is the unwrapped JSON-RPCresult. - Curated helpers for the highest-traffic tools: world brief, country brief/risk, markets, conflicts, cyber, news, disasters, sanctions, forecasts, maritime.
- Public listings —
list_tools,list_prompts,list_resourcesneed no key. - REST escape hatch —
get("/api/…")andhealth()againstapi.worldmonitor.app. - Configuration via constructor arguments or the
WORLDMONITOR_API_KEY(aliasWM_API_KEY),WORLDMONITOR_BASE_URL, andWORLDMONITOR_MCP_URLenvironment variables. - Errors split into an MCP error (JSON-RPC
errorobject, auth failures carry a key hint) and an API error (non-2xx transport). - A descriptive User-Agent (
worldmonitor-<lang>/<version>) — the API edge challenges generic library agents, so keep it if you fork.
jmespath argument for server-side projection — typically an 80–95% response-size cut.
Python
Ruby
Go
JavaScript
The npm package doubles as the command-line client and a library:Get a key
Data calls (tools/call) need a user API key — issue one at worldmonitor.app/pro. See Authentication for how keys, OAuth, and browser sessions differ, and Rate Limits for per-plan allowances.
Releasing (maintainers)
Each SDK versions and publishes independently via OIDC trusted publishing — no long-lived registry tokens (see the CLI release runbook for the npm flow):- Python: bump
versioninsdk/python/pyproject.tomland__version__insdk/python/src/worldmonitor_sdk/__init__.py, then tagpy-vX.Y.Z(workflowpublish-python.yml). - Ruby: bump
WorldMonitor::VERSIONinsdk/ruby/lib/worldmonitor/version.rb, then taggem-vX.Y.Z(workflowpublish-ruby.yml). - Go: bump
Versioninsdk/go/worldmonitor.go, then tagsdk/go/vX.Y.Z(workflowpublish-go.ymlvalidates and warms the module proxy).
tests/sdk-packages.test.mjs guards the version sync and the worldmonitor.app homepage metadata on every package.