Tauri 2 + TypeScript + Rust desktop app: 181+ live data panels across 4 product variants, a Cesium.js/DeckGL 3D globe with 22 geospatial layers, SGP4 orbital propagation in a Web Worker, AI summarization with Ollama/Groq/Claude/OpenRouter fallback chain, Protobuf/Buf contract-driven API layer, OS keychain secret storage, Node.js sidecar proxy on a bearer-authenticated local port, and a PostHog-instrumented Ghost Mode with analytics suppression.
Full-viewport Cesium.js 3D globe mode. Activate with G or the sidebar.
22 live data layers: military bases, nuclear facilities, earthquakes, active conflicts, airstrikes, cyclones, fires, vessels, flights, cyber threats, submarines, cables, ports, satellites, ISS, and more.
HUD overlay: threat assessment card, mode badge, HOTSPOTS/ALT/CONFLICT/DISASTER stat pills, nearest hotspot (haversine), sun-phase badge (DAY/GOLDEN/CIVIL/NAUTICAL/ASTRO/NIGHT), local clock at camera longitude, scrolling LIVE alert ticker, top-5 alert list, layer-toggle bar.
Fly Mode: game-style WASD/mouse first-person flight over the globe. Right-click drag for look, scroll for speed.
Time Machine: scrub historical data across a configurable time window.
Satellite tracking: SGP4 orbital propagation in a Web Worker — ISS, Starlink, weather satellites. No API key required, TLE data from CelesTrak.
3D buildings: 5-tier fallback — Google Photorealistic → Cesium OSM Buildings → 2D extrusions → flat. Photorealistic requires GOOGLE_MAPS_API_KEY.
Imagery: Bing satellite (Cesium Ion token) → ArcGIS World Imagery fallback.
| Domain | What's included |
|---|---|
| Conflict & Geopolitics | Live conflict zones, airstrike tracking, ACLED events, military bases, nuclear facilities, theater polygons, kill chain, ORBAT, STIX/TAXII feeds |
| Weather | 7-day forecasts, RainViewer global radar, Blitzortung lightning, NOAA GOES/Himawari satellite imagery, tide predictions, pollen tracking, NWS severe alerts, SPC convective outlooks, tropical cyclone tracking, red flag fire warnings |
| Cyber & Threats | ThreatFox IOCs, OpenPhish feeds, Spamhaus blocklists, CISA KEV, ICS/OT threats, network topology, 24-session EMA threat forecast, Palantir/Dragos-inspired intel panels |
| Markets & Finance | S&P 500, BTC, oil, gold, commodities, macro signals, central bank feeds, sector heatmap (requires Finnhub key) |
| Space & Satellites | ISS + Starlink + weather satellite tracking, SGP4 propagation, real-time orbital positions |
| Infrastructure | Submarine cables, maritime vessels, flight tracking, port status, datacenter outages, internet exchange points |
| Disasters | GDACS Red/Orange events, M6.5+ earthquakes, wildfire perimeters (NASA FIRMS), cyclone paths |
Local-first desktop security boundary The renderer never touches API keys directly. Keys are stored in the OS keychain via Tauri's secret store, injected into a Node.js sidecar at startup, and proxied through a bearer-authenticated localhost port. The renderer resolves the sidecar port dynamically — no hardcoded assumptions about the runtime environment.
CSP under real constraints
script-src requires 'unsafe-eval' because Cesium compiles GLSL shaders dynamically. Removing it silently breaks God's Eye (dynamic import failure → reload loop, no visible error). Compensating controls: trusted-window IPC gating, sidecar bearer auth, no 'unsafe-inline' on script-src, devtools disabled in production builds.
Variant architecture without forking
Four product variants (Full, Tech, Finance, Happy) share one application shell. Panel inventory, map layer defaults, and feed configuration swap through src/config/panels.ts and src/config/variant.ts — not separate builds or conditional compilation.
AI fallback chain Summarization resolves at runtime: Ollama (local) → Groq → Claude → OpenRouter → browser inference. Each hop is an explicit boundary, not a catch-all try/catch. Works in air-gapped and privacy-sensitive environments.
App mode state machine Five modes (Peace/Finance/War/Disaster/Ghost) trigger on live signal thresholds — S&P ≥2.5%, ≥2 war signals above confidence 0.6 normalized by conflict baselines, GDACS Red events. Ghost Mode suppresses analytics, multiplies poll intervals ×5, and changes UI chrome. Mode transitions are deterministic and testable.
WKWebView constraints
CSS -webkit-app-region: drag is silently ignored. Window dragging requires JS mousedown → tryInvokeTauri('plugin:window|start_dragging'). All local iframes must use http://127.0.0.1:{port} not localhost — WKWebView treats them as distinct origins and the CSP only allows 127.0.0.1.
| Layer | Stack |
|---|---|
| Frontend | TypeScript, Vite, MapLibre GL, deck.gl, Cesium.js, D3, i18next |
| Contracts | Buf, Protobuf, generated TypeScript clients + OpenAPI output |
| Desktop shell | Tauri v2, Rust, OS keychain, Node.js sidecar (port 46123) |
| AI layer | Ollama → Groq → Claude → OpenRouter → browser inference |
| Verification | TypeScript strict, Playwright e2e + visual, sidecar unit tests |
| CI/CD | Tag-driven desktop publish, release manifest verification, CodeQL |
| Metric | Value | Source |
|---|---|---|
| Product variants | 4 | src/config/variant.ts |
| Desktop build targets | 3 | package.json |
| Default panel inventory | 181 full / 35 tech / 31 finance / 10 happy | src/config/panels.ts |
| God's Eye data layers | 22 | src/components/GodsEyeView.ts |
| Supported secret keys | 47 | src-tauri/src/main.rs |
| Locales | 19 | src/locales/ |
| Generated OpenAPI specs | 21 | docs/api/ |
| Variant | Web | Desktop | Focus |
|---|---|---|---|
full |
Yes | Yes | Geopolitics, infrastructure, cyber, conflict, disasters |
tech |
Yes | Yes | AI, startups, cloud, service health, developer ecosystems |
finance |
Yes | Yes | Markets, commodities, macro signals, central banks |
happy |
Yes | No | Positive news, progress, science, conservation |
npm ci && npm run dev # web, default variant
npm run dev:tech # tech variant
npm run dev:finance # finance variant
npm run desktop:dev # Tauri dev build
npm run desktop:build:full # production desktop
npm run typecheck:all # zero-error type checkThe happy variant shares the default dev server (npm run dev). See docs/API_KEYS.md for key setup and docs/DESKTOP_CONFIGURATION.md for sidecar config.
| Guide | Purpose |
|---|---|
| docs/DOCUMENTATION.md | Entry point for all repo docs |
| docs/API_KEYS.md | All 47 API keys — categories, signup URLs, free/paid |
| docs/DESKTOP_CONFIGURATION.md | Desktop secret keys, feature availability, fallback |
| docs/API_KEY_DEPLOYMENT.md | Cloud API trust boundary and origin rules |
| docs/ADDING_ENDPOINTS.md | Proto + Buf workflow for new RPC endpoints |
| docs/RELEASE_PACKAGING.md | Desktop packaging and signing workflow |
| CONTRIBUTING.md | Contributor workflow, checks, PR expectations |
| SECURITY.md | Vulnerability reporting and scope |
If you change product behavior, API contracts, or operational workflows, update the docs in the same branch. The project is much easier to evaluate when the implementation and the documentation move together.
Licensed under AGPL-3.0-only. This desktop project builds on top of koala73/worldmonitor by Elie Habib.