World Monitor

Real-time global intelligence dashboard — AI-powered news aggregation, geopolitical monitoring, and infrastructure tracking in a unified situational awareness interface.

Live Demo  ·  Tech Variant  ·  Full Documentation

Why World Monitor?

Live Demos

Both variants run from a single codebase — switch between them with one click.

Key Features

Interactive Global Map

• 25+ data layers — conflicts, military bases, nuclear facilities, undersea cables, pipelines, satellite fire detection, protests, natural disasters, datacenters, and more
• Smart clustering — markers intelligently group at low zoom, expand on zoom in
• Progressive disclosure — detail layers (bases, nuclear, datacenters) appear only when zoomed in; zoom-adaptive opacity prevents clutter at world view
• Label deconfliction — overlapping labels (e.g., multiple BREAKING badges) are automatically suppressed by priority, highest-severity first
• 8 regional presets — Global, Americas, Europe, MENA, Asia, Africa, Oceania, Latin America
• Time filtering — 1h, 6h, 24h, 48h, 7d event windows

AI-Powered Intelligence

• World Brief — LLM-synthesized summary of top global developments (Groq Llama 3.1, Redis-cached)
• Hybrid Threat Classification — instant keyword classifier with async LLM override for higher-confidence results
• Focal Point Detection — correlates entities across news, military activity, protests, outages, and markets to identify convergence
• Country Instability Index — real-time stability scores for 20 monitored nations using weighted multi-signal blend
• Strategic Posture Assessment — composite risk score combining all intelligence modules with trend detection

Real-Time Data Layers

Live News & Video

• 100+ RSS feeds across geopolitics, defense, energy, tech
• Live video streams — Bloomberg, Sky News, Al Jazeera, CNBC, and more
• Custom monitors — Create keyword-based alerts for any topic
• Entity extraction — Auto-links countries, leaders, organizations

Signal Aggregation & Anomaly Detection

• Multi-source signal fusion — internet outages, military flights, naval vessels, protests, AIS disruptions, and satellite fires are aggregated into a unified intelligence picture with per-country and per-region clustering
• Temporal baseline anomaly detection — Welford's online algorithm computes streaming mean/variance per event type, region, weekday, and month over a 90-day window. Z-score thresholds (1.5/2.0/3.0) flag deviations like "Military flights 3.2x normal for Thursday (January)" — stored in Redis via Upstash
• Regional convergence scoring — when multiple signal types spike in the same geographic area, the system identifies convergence zones and escalates severity

Story Sharing & Social Export

• Shareable intelligence stories — generate country-level intelligence briefs with CII scores, threat counts, theater posture, and related prediction markets
• Multi-platform export — custom-formatted sharing for Twitter/X, LinkedIn, WhatsApp, Telegram, Reddit, and Facebook with platform-appropriate formatting
• Deep links — every story generates a unique URL (/story?c=<country>&t=<type>) with dynamic Open Graph meta tags for rich social previews
• Canvas-based image generation — stories render as PNG images for visual sharing, with QR codes linking back to the live dashboard

Additional Capabilities

• Signal intelligence with "Why It Matters" context
• Infrastructure cascade analysis with proximity correlation
• Maritime & aviation tracking with surge detection
• Prediction market integration (Polymarket) as leading indicators
• Service status monitoring (cloud providers, AI services)
• Shareable map state via URL parameters (view, zoom, coordinates, time range, active layers)
• Data freshness monitoring across 14 data sources with explicit intelligence gap reporting
• Per-feed circuit breakers with 5-minute cooldowns to prevent cascading failures
• Browser-side ML worker (Transformers.js) for NER and sentiment analysis without server dependency
• Cmd+K search — fuzzy search across news headlines, countries, and entities
• Virtual scrolling — news panels render only visible DOM elements, handling thousands of items without browser lag
• Mobile detection — screens below 768px receive a warning modal since the dashboard is designed for multi-panel desktop use
• UCDP conflict classification — countries with active wars (1,000+ battle deaths/year) receive automatic CII floor scores, preventing optimistic drift
• HAPI humanitarian data — UN OCHA humanitarian access metrics feed into country-level instability scoring

Regression Testing

Map overlay behavior is validated in Playwright using the map harness (/map-harness.html).

• Cluster-state cache initialization guard:
  • updates protest marker click payload after data refresh
  • initializes cluster movement cache on first protest cluster render
• Run by variant:
  • npm run test:e2e:full -- -g "updates protest marker click payload after data refresh|initializes cluster movement cache on first protest cluster render"
  • npm run test:e2e:tech -- -g "updates protest marker click payload after data refresh|initializes cluster movement cache on first protest cluster render"

How It Works

Threat Classification Pipeline

Every news item passes through a two-stage classification pipeline:

1. Keyword classifier (instant) — pattern-matches against ~120 threat keywords organized by severity tier (critical → high → medium → low → info) and category (conflict, terrorism, cyber, disaster, etc.). Returns immediately with a confidence score.
2. LLM classifier (async) — fires in the background via a Vercel Edge Function calling Groq's Llama 3.1 8B at temperature 0. Results are cached in Redis (24h TTL) keyed by headline hash. When the LLM result arrives, it overrides the keyword result only if its confidence is higher.

This hybrid approach means the UI is never blocked waiting for AI — users see keyword results instantly, with LLM refinements arriving within seconds and persisting for all subsequent visitors.

Country Instability Index (CII)

Each monitored country receives a real-time instability score (0–100) computed from:

Additional boosts apply for hotspot proximity, focal point urgency, and conflict-zone floors (e.g., Ukraine is pinned at ≥55, Syria at ≥50).

Hotspot Escalation Scoring

Intelligence hotspots receive dynamic escalation scores blending four normalized signals (0–100):

• News activity (35%) — article count and severity in the hotspot's area
• Country instability (25%) — CII score of the host country
• Geo-convergence alerts (25%) — spatial binning detects 3+ event types (protests + military + earthquakes) co-occurring within 1° lat/lon cells
• Military activity (15%) — vessel clusters and flight density near the hotspot

The system blends static baseline risk (40%) with detected events (60%) and tracks trends via linear regression on 48-hour history. Signal emissions cool down for 2 hours to prevent alert fatigue.

Geographic Convergence Detection

Events (protests, military flights, vessels, earthquakes) are binned into 1°×1° geographic cells within a 24-hour window. When 3+ distinct event types converge in one cell, a convergence alert fires. Scoring is based on type diversity (×25pts per unique type) plus event count bonuses (×2pts). Alerts are reverse-geocoded to human-readable names using conflict zones, waterways, and hotspot databases.

Strategic Theater Posture Assessment

Nine operational theaters are continuously assessed for military posture escalation:

Posture levels escalate from NORMAL → ELEVATED → CRITICAL based on a composite of:

• Aircraft count in theater (both resident and transient)
• Strike capability — the presence of tankers + AWACS + fighters together indicates strike packaging, not routine training
• Naval presence — carrier groups and combatant formations
• Country instability — high CII scores for theater-adjacent countries amplify posture

Each theater is linked to 38+ military bases, enabling automatic correlation between observed flights and known operating locations.

Military Surge & Foreign Presence Detection

The system monitors five operational theaters (Middle East, Eastern Europe, Western Europe, Western Pacific, Horn of Africa) with 38+ associated military bases. It classifies vessel clusters near hotspots by activity type:

• Deployment — carrier present with 5+ vessels
• Exercise — combatants present in formation
• Transit — vessels passing through

Foreign military presence is dual-credited: the operator's country is flagged for force projection, and the host location's country is flagged for foreign military threat. AIS gaps (dark ships) are flagged as potential signal discipline indicators.

Infrastructure Cascade Modeling

Beyond proximity correlation, the system models how disruptions propagate through interconnected infrastructure. A dependency graph connects undersea cables, pipelines, ports, chokepoints, and countries with weighted edges representing capacity dependencies:

Disruption Event → Affected Node → Cascade Propagation (BFS, depth ≤ 3)
                                          │
                    ┌─────────────────────┤
                    ▼                     ▼
            Direct Impact         Indirect Impact
         (e.g., cable cut)    (countries served by cable)

Impact calculation: strength = edge_weight × disruption_level × (1 − redundancy)

Strategic chokepoint modeling captures real-world dependencies:

• Strait of Hormuz — 80% of Japan's oil, 70% of South Korea's, 60% of India's, 40% of China's
• Suez Canal — EU-Asia trade routes (Germany, Italy, UK, China)
• Malacca Strait — 80% of China's oil transit

Ports are weighted by type: oil/LNG terminals (0.9 — critical), container ports (0.7), naval bases (0.4 — geopolitical but less economic). This enables questions like "if the Strait of Hormuz closes, which countries face energy shortages within 30 days?"

Related Assets & Proximity Correlation

When a news event is geo-located, the system automatically identifies critical infrastructure within a 600km radius — pipelines, undersea cables, data centers, military bases, and nuclear facilities — ranked by distance. This enables instant geopolitical context: a cable cut near a strategic chokepoint, a protest near a nuclear facility, or troop movements near a data center cluster.

News Geo-Location

A 74-hub strategic location database infers geography from headlines via keyword matching. Hubs span capitals, conflict zones, strategic chokepoints (Strait of Hormuz, Suez Canal, Malacca Strait), and international organizations. Confidence scoring is boosted for critical-tier hubs and active conflict zones, enabling map-driven news placement without requiring explicit location metadata from RSS feeds.

Temporal Baseline Anomaly Detection

Rather than relying on static thresholds, the system learns what "normal" looks like and flags deviations. Each event type (military flights, naval vessels, protests, news velocity, AIS gaps, satellite fires) is tracked per region with separate baselines for each weekday and month — because military activity patterns differ on Tuesdays vs. weekends, and January vs. July.

The algorithm uses Welford's online method for numerically stable streaming computation of mean and variance, stored in Redis with a 90-day rolling window. When a new observation arrives, its z-score is computed against the learned baseline. Thresholds:

A minimum of 10 historical samples is required before anomalies are reported, preventing false positives during the learning phase. Anomalies are ingested back into the signal aggregator, where they compound with other signals for convergence detection.

Browser-Side ML Pipeline

The dashboard runs a full ML pipeline in the browser via Transformers.js, with no server dependency for core intelligence. This is automatically disabled on mobile devices to conserve memory.

Hybrid clustering combines fast Jaccard similarity (n-gram overlap, threshold 0.4) with ML-refined semantic similarity (cosine similarity, threshold 0.78). Jaccard runs instantly on every refresh; semantic refinement runs when the ML worker is loaded and merges clusters that are textually different but semantically identical (e.g., "NATO expands missile shield" and "Alliance deploys new air defense systems").

News velocity is tracked per cluster — when multiple Tier 1–2 sources converge on the same story within a short window, the cluster is flagged as a breaking alert with sourcesPerHour as the velocity metric.

Signal Aggregation

All real-time data sources feed into a central signal aggregator that builds a unified geospatial intelligence picture. Signals are clustered by country and region, with each signal carrying a severity (low/medium/high), geographic coordinates, and metadata. The aggregator:

1. Clusters by country — groups signals from diverse sources (flights, vessels, protests, fires, outages) into per-country profiles
2. Detects regional convergence — identifies when multiple signal types spike in the same geographic corridor (e.g., military flights + protests + satellite fires in Eastern Mediterranean)
3. Feeds downstream analysis — the CII, hotspot escalation, focal point detection, and AI insights modules all consume the aggregated signal picture rather than raw data

Data Freshness & Intelligence Gaps

A singleton tracker monitors 14 data sources (GDELT, RSS, AIS, military flights, earthquakes, weather, outages, ACLED, Polymarket, economic indicators, NASA FIRMS, and more) with status categorization: fresh (<15 min), stale (1h), very_stale (6h), no_data, error, disabled. It explicitly reports intelligence gaps — what analysts can't see — preventing false confidence when critical data sources are down or degraded.

Prediction Markets as Leading Indicators

Polymarket geopolitical markets are queried using tag-based filters (Ukraine, Iran, China, Taiwan, etc.) with 5-minute caching. Market probability shifts are correlated with news volume: if a prediction market moves significantly before matching news arrives, this is flagged as a potential early-warning signal.

Macro Signal Analysis (Market Radar)

The Market Radar panel computes a composite BUY/CASH verdict from 7 independent signals sourced entirely from free APIs (Yahoo Finance, mempool.space, alternative.me):

The overall verdict requires ≥57% of known signals to be bullish (BUY), otherwise CASH. Signals with unknown data are excluded from the denominator.

VWAP Calculation — Volume-Weighted Average Price is computed from aligned price/volume pairs over a 30-day window. Pairs where either price or volume is null are excluded together to prevent index misalignment:

VWAP = Σ(price × volume) / Σ(volume)    for last 30 trading days

The Mayer Multiple (BTC price / SMA200) provides a long-term valuation context — historically, values above 2.4 indicate overheating, while values below 0.8 suggest deep undervaluation.

Stablecoin Peg Monitoring

Five major stablecoins (USDT, USDC, DAI, FDUSD, USDe) are monitored via the CoinGecko API with 2-minute caching. Each coin's deviation from the $1.00 peg determines its health status:

The panel aggregates total stablecoin market cap, 24h volume, and an overall health status (HEALTHY / CAUTION / WARNING). The coins query parameter accepts a comma-separated list of CoinGecko IDs, validated against a [a-z0-9-]+ regex to prevent injection.

BTC ETF Flow Estimation

Ten spot Bitcoin ETFs are tracked via Yahoo Finance's 5-day chart API (IBIT, FBTC, ARKB, BITB, GBTC, HODL, BRRR, EZBC, BTCO, BTCW). Since ETF flow data requires expensive terminal subscriptions, the system estimates flow direction from publicly available signals:

• Price change — daily close vs. previous close determines direction
• Volume ratio — current volume / trailing average volume measures conviction
• Flow magnitude — volume × price × direction × 0.1 provides a rough dollar estimate

This is an approximation, not a substitute for official flow data, but it captures the direction and relative magnitude correctly. Results are cached for 15 minutes.

Architecture Principles

Source Credibility & Feed Tiering

Every RSS feed is assigned a source tier reflecting editorial reliability:

Feeds also carry a propaganda risk rating and state affiliation flag. State-affiliated sources (RT, Xinhua, IRNA) are included for completeness but visually tagged so analysts can factor in editorial bias. Threat classification confidence is weighted by source tier — a Tier 1 breaking alert carries more weight than a Tier 4 blog post in the focal point detection algorithm.

Edge Function Architecture

World Monitor uses 45+ Vercel Edge Functions as a lightweight API layer. Each edge function handles a single data source concern — proxying, caching, or transforming external APIs. This architecture avoids a monolithic backend while keeping API keys server-side:

• RSS Proxy — domain-allowlisted proxy for 100+ feeds, preventing CORS issues and hiding origin servers. Feeds from domains that block Vercel IPs are automatically routed through the Railway relay.
• AI Pipeline — Groq and OpenRouter edge functions with Redis deduplication, so identical headlines across concurrent users only trigger one LLM call. The classify-event endpoint pauses its queue on 500 errors to avoid wasting API quota.
• Data Adapters — GDELT, ACLED, OpenSky, USGS, NASA FIRMS, FRED, Yahoo Finance, CoinGecko, mempool.space, and others each have dedicated edge functions that normalize responses into consistent schemas
• Market Intelligence — macro signals, ETF flows, and stablecoin monitors compute derived analytics server-side (VWAP, SMA, peg deviation, flow estimates) and cache results in Redis
• Temporal Baseline — Welford's algorithm state is persisted in Redis across requests, building statistical baselines without a traditional database
• Custom Scrapers — sources without RSS feeds (FwdStart, GitHub Trending, tech events) are scraped and transformed into RSS-compatible formats

All edge functions include circuit breaker logic and return cached stale data when upstream APIs are unavailable, ensuring the dashboard never shows blank panels.

Dual-Deployment Architecture

World Monitor runs on two platforms that work together:

┌─────────────────────────────────────┐
│          Vercel (Edge)              │
│  45+ edge functions · static SPA   │
│  CORS allowlist · Redis cache       │
│  AI pipeline · market analytics     │
└──────────────┬──────────────────────┘
               │ https:// (server-side)
               │ wss://   (client-side)
               ▼
┌─────────────────────────────────────┐
│       Railway (Relay Server)        │
│  WebSocket relay · OpenSky OAuth2   │
│  RSS proxy for blocked domains      │
│  AIS vessel stream multiplexer      │
└─────────────────────────────────────┘

Why two platforms? Several upstream APIs (OpenSky Network, CNN RSS, UN News, CISA, IAEA) actively block requests from Vercel's IP ranges. The Railway relay server acts as an alternate origin, handling:

• AIS vessel tracking — maintains a persistent WebSocket connection to AISStream.io and multiplexes it to all connected browser clients, avoiding per-user connection limits
• OpenSky aircraft data — authenticates via OAuth2 client credentials flow (Vercel IPs get 403'd by OpenSky without auth tokens)
• RSS feeds — proxies feeds from domains that block Vercel IPs, with a separate domain allowlist for security

The Vercel edge functions connect to Railway via WS_RELAY_URL (server-side, HTTPS) while browser clients connect via VITE_WS_RELAY_URL (client-side, WSS). This separation keeps the relay URL configurable per deployment without leaking server-side configuration to the browser.

Caching Architecture

Every external API call passes through a three-tier cache with stale-on-error fallback:

Request → [1] In-Memory Cache → [2] Redis (Upstash) → [3] Upstream API
                                                              │
            ◄──── stale data served on error ────────────────┘

Cache keys are versioned (opensky:v2:lamin=..., macro-signals:v2:default) so schema changes don't serve stale formats. Every response includes an X-Cache header (HIT, REDIS-HIT, MISS, REDIS-STALE, REDIS-ERROR-FALLBACK) for debugging.

The AI summarization pipeline adds content-based deduplication: headlines are hashed and checked against Redis before calling Groq, so the same breaking news viewed by 1,000 concurrent users triggers exactly one LLM call.

Security Model

Quick Start

# Clone and run
git clone https://github.com/koala73/worldmonitor.git
cd worldmonitor
npm install
vercel dev       # Runs frontend + all 45+ API edge functions

Open http://localhost:3000

Note: vercel dev requires the Vercel CLI (npm i -g vercel). If you use npm run dev instead, only the frontend starts — news feeds and API-dependent panels won't load. See Self-Hosting for details.

Environment Variables (Optional)

The dashboard works without any API keys — panels for unconfigured services simply won't appear. For full functionality, copy the example file and fill in the keys you need:

cp .env.example .env.local

The .env.example file documents every variable with descriptions and registration links, organized by deployment target (Vercel vs Railway). Key groups:

See .env.example for the complete list with registration links.

Self-Hosting

World Monitor relies on 45+ Vercel Edge Functions in the api/ directory for RSS proxying, data caching, and API key isolation. Running npm run dev alone starts only the Vite frontend — the edge functions won't execute, and most panels (news feeds, markets, AI summaries) will be empty.

Option 1: Deploy to Vercel (Recommended)

The simplest path — Vercel runs the edge functions natively on their free tier:

npm install -g vercel
vercel          # Follow prompts to link/create project

Add your API keys in the Vercel dashboard under Settings → Environment Variables, then visit your deployment URL. The free Hobby plan supports all 45+ edge functions.

Option 2: Local Development with Vercel CLI

To run everything locally (frontend + edge functions):

npm install -g vercel
cp .env.example .env.local   # Add your API keys
vercel dev                    # Starts on http://localhost:3000

Important: Use vercel dev instead of npm run dev. The Vercel CLI emulates the edge runtime locally so all api/ endpoints work. Plain npm run dev only starts Vite and the API layer won't be available.

Option 3: Static Frontend Only

If you only want the map and client-side features (no news feeds, no AI, no market data):

npm run dev    # Vite dev server on http://localhost:5173

This runs the frontend without the API layer. Panels that require server-side proxying will show "No data available". The interactive map, static data layers (bases, cables, pipelines), and browser-side ML models still work.

Platform Notes

Railway Relay (Optional)

For live AIS vessel tracking and OpenSky aircraft data, deploy the WebSocket relay on Railway:

# On Railway, deploy with:
node scripts/ais-relay.cjs

Set WS_RELAY_URL (server-side, HTTPS) and VITE_WS_RELAY_URL (client-side, WSS) in your environment. Without the relay, AIS and OpenSky layers won't show live data, but all other features work normally.

Tech Stack

Documentation

Full documentation including algorithms, data sources, and system architecture:

docs/DOCUMENTATION.md

Key sections:

• Signal Intelligence
• Country Instability Index
• Military Tracking
• Infrastructure Analysis
• API Dependencies
• System Architecture

Contributing

Contributions welcome! See CONTRIBUTING for guidelines.

# Development
npm run dev          # Full variant (worldmonitor.app)
npm run dev:tech     # Tech variant (startups.worldmonitor.app)

# Production builds
npm run build:full   # Build full variant
npm run build:tech   # Build tech variant

# Quality
npm run typecheck    # TypeScript type checking

# Desktop packaging
npm run desktop:package:macos:full     # .app + .dmg (World Monitor)
npm run desktop:package:macos:tech     # .app + .dmg (Tech Monitor)
npm run desktop:package:windows:full   # .exe + .msi (World Monitor)
npm run desktop:package:windows:tech   # .exe + .msi (Tech Monitor)

# Generic packaging runner
npm run desktop:package -- --os macos --variant full

# Signed packaging (same targets, requires signing env vars)
npm run desktop:package:macos:full:sign
npm run desktop:package:windows:full:sign

Desktop release details, signing hooks, variant outputs, and clean-machine validation checklist:

• docs/RELEASE_PACKAGING.md

Roadmap

• 45+ API edge functions for programmatic access
• Dual-site variant system (geopolitical + tech)
• Market intelligence (macro signals, ETF flows, stablecoin peg monitoring)
• Railway relay for WebSocket and blocked-domain proxying
• CORS origin allowlist and security hardening
• Mobile-optimized views
• Push notifications for critical alerts
• Historical data playback
• Self-hosted Docker image

See full roadmap.

Support the Project

If you find World Monitor useful:

• Star this repo to help others discover it
• Share with colleagues interested in OSINT
• Contribute code, data sources, or documentation
• Report issues to help improve the platform

License

MIT License — see LICENSE for details.

Author

Elie Habib — GitHub

worldmonitor.app  ·  tech.worldmonitor.app

Star History