-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
248 lines (220 loc) · 11.7 KB
/
Copy pathindex.html
File metadata and controls
248 lines (220 loc) · 11.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Dynamic Feed Starter — verified live data, in your browser</title>
<meta name="description" content="A one-function starter app on Dynamic Feed: keyless live data (earthquakes, treasury yields, exploited CVEs, nearby hazards) with the Ed25519 signature verified in your browser.">
<link rel="stylesheet" href="/style.css">
<link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'><rect width='16' height='16' fill='%23000103'/><path d='M8 2l5 3v6l-5 3-5-3V5z' fill='none' stroke='%2346e6da' stroke-width='1.4'/></svg>">
</head>
<body>
<header class="top">
<a class="brand" href="https://dynamicfeed.ai" target="_blank" rel="noopener">
<span class="bolt">⬡</span> DYNAMIC FEED <span class="dim">/ starter</span>
</a>
<nav>
<a href="https://github.com/dynamicfeed/dynamicfeed-starter" target="_blank" rel="noopener">source</a>
<a href="https://dynamicfeed.ai/standard" target="_blank" rel="noopener">standard</a>
<a href="https://dynamicfeed.ai/proof" target="_blank" rel="noopener">proof</a>
</nav>
</header>
<main class="wrap">
<section class="hero">
<h1>Live data your agent can <em>prove</em>.</h1>
<p class="sub">This page calls the keyless <a href="https://dynamicfeed.ai" target="_blank" rel="noopener">Dynamic Feed</a> API
through one serverless function — then verifies an <strong>Ed25519 signature in your browser</strong>.
No API key. No SDK. Zero npm dependencies.</p>
</section>
<!-- ── In-browser signature verification ─────────────────────────────────── -->
<section class="verify-band" id="verify-band">
<div class="badge pending" id="badge">⟳ verifying signature…</div>
<div class="verify-detail" id="verify-detail">fetching a fresh signed attestation from dynamicfeed.ai/v1/attest…</div>
<div class="verify-actions">
<button id="tamper-btn" disabled>run tamper test — flip 1 byte</button>
<a class="ghost" href="https://dynamicfeed.ai/v1/attest?metric=temperature_c&op=gte&threshold=-50&lat=-33.87&lon=151.21" target="_blank" rel="noopener">view raw envelope ↗</a>
</div>
</section>
<!-- ── Live data (via /api/feed → dynamicfeed.ai/v1/batch) ───────────────── -->
<section class="grid" id="grid">
<article class="card" id="card-quakes">
<h2>Earthquakes · M5+ · 24h</h2>
<div class="body"><span class="loading">loading…</span></div>
<footer class="src" data-src></footer>
</article>
<article class="card" id="card-yields">
<h2>US Treasury yield curve</h2>
<div class="body"><span class="loading">loading…</span></div>
<footer class="src" data-src></footer>
</article>
<article class="card" id="card-cves">
<h2>Exploited in the wild · CISA KEV</h2>
<div class="body"><span class="loading">loading…</span></div>
<footer class="src" data-src></footer>
</article>
<article class="card" id="card-nearby">
<h2>Hazards near a point</h2>
<div class="nearby-form">
<input id="lat" inputmode="decimal" value="-33.87" aria-label="latitude"> ,
<input id="lon" inputmode="decimal" value="151.21" aria-label="longitude">
<button id="scan-btn">scan 300 km</button>
</div>
<div class="body" id="nearby-body"><span class="dim">enter lat, lon and scan — signed cross-hazard sweep (quakes · fires · floods · storms)</span></div>
<footer class="src" data-src></footer>
</article>
</section>
<section class="how">
<h3>How the proof works</h3>
<ol>
<li><code>GET dynamicfeed.ai/v1/attest</code> returns a signed envelope — data + a detached <code>Ed25519</code> signature.</li>
<li>Your browser strips the <code>signature</code> block, re-canonicalizes the rest <em>byte-for-byte</em> (<code>json-sorted-compact</code> — see <a href="https://dynamicfeed.ai/standard" target="_blank" rel="noopener">the standard</a>).</li>
<li>It verifies the signature against the published key at <code>dynamicfeed.ai/.well-known/keys</code> using <a href="https://github.com/paulmillr/noble-ed25519" target="_blank" rel="noopener">@noble/ed25519</a>.</li>
<li>Flip a single byte of the data → verification fails. That's the point: the data can't be quietly altered between source and agent.</li>
</ol>
</section>
</main>
<footer class="site-foot">
<span>built on <a href="https://dynamicfeed.ai" target="_blank" rel="noopener">dynamicfeed.ai</a></span>
<span class="dim">·</span>
<a href="https://dynamicfeed.ai/standard" target="_blank" rel="noopener">/standard</a>
<a href="https://dynamicfeed.ai/proof" target="_blank" rel="noopener">/proof</a>
<a href="https://dynamicfeed.ai/llms-full.txt" target="_blank" rel="noopener">/llms-full.txt</a>
<a href="https://github.com/dynamicfeed/dynamicfeed-starter" target="_blank" rel="noopener">github</a>
</footer>
<script>
// Fallback if the verifier module (or its CDN dep) fails to load.
window.__verifierLoaded = false;
setTimeout(function () {
if (!window.__verifierLoaded) {
var b = document.getElementById('badge');
if (b && /verifying/.test(b.textContent)) {
b.className = 'badge bad';
b.textContent = '✗ verifier failed to load (CDN blocked?)';
}
}
}, 12000);
</script>
<script type="module">
import { verify, tamper, fetchAttestation } from '/verify.js';
window.__verifierLoaded = true;
const $ = (s, el = document) => el.querySelector(s);
const esc = s => String(s ?? '').replace(/[&<>"']/g, c =>
({ '&': '&', '<': '<', '>': '>', '"': '"', "'": ''' })[c]);
const ago = iso => {
if (!iso) return '';
const s = Math.max(0, (Date.now() - Date.parse(iso)) / 1000);
if (s < 90) return Math.round(s) + 's ago';
if (s < 5400) return Math.round(s / 60) + 'm ago';
return Math.round(s / 3600) + 'h ago';
};
// ── 1. Verify a signed envelope IN THE BROWSER ───────────────────────────────
let rawEnvelope = null;
async function runVerify() {
const badge = $('#badge'), detail = $('#verify-detail'), btn = $('#tamper-btn');
try {
rawEnvelope = await fetchAttestation();
const r = await verify(rawEnvelope);
if (r.ok) {
badge.className = 'badge ok';
badge.textContent = '✓ signature VALID — verified in your browser';
const env = JSON.parse(rawEnvelope);
detail.innerHTML =
`<b>${esc(env.observed?.value)}${esc(env.observed?.unit || '')}</b> observed in Sydney · trigger ` +
`<code>${esc(env.trigger?.metric)} ${esc(env.trigger?.op)} ${esc(env.trigger?.threshold)}</code> → ` +
`<b>${env.met ? 'MET' : 'NOT MET'}</b> · key <code>${esc(r.keyId)}</code> · ` +
`${esc(r.alg)} / ${esc(r.canon)} · issued ${esc(ago(env.issued_at))}`;
btn.disabled = false;
} else {
badge.className = 'badge bad';
badge.textContent = '✗ signature INVALID';
detail.textContent = r.error || 'verification failed';
}
} catch (e) {
badge.className = 'badge bad';
badge.textContent = '✗ could not verify';
detail.textContent = String(e.message || e);
}
}
$('#tamper-btn').addEventListener('click', async () => {
const badge = $('#badge'), detail = $('#verify-detail'), btn = $('#tamper-btn');
if (!rawEnvelope) return;
if (btn.dataset.state === 'tampered') { // restore
btn.dataset.state = ''; btn.textContent = 'run tamper test — flip 1 byte';
return runVerify();
}
const forged = tamper(rawEnvelope);
const r = await verify(forged);
badge.className = r.ok ? 'badge ok' : 'badge bad';
badge.textContent = r.ok ? '⚠ tamper NOT detected (bug!)' : '✗ tampered envelope REJECTED';
detail.textContent = '1 digit of the data was flipped → the Ed25519 signature no longer matches. ' +
'This is what an agent sees if anyone alters the data in transit.';
btn.dataset.state = 'tampered';
btn.textContent = '↺ restore the genuine envelope';
});
// ── 2. Live data via our one serverless function ─────────────────────────────
const toolData = (feed, name) =>
(feed.batch?.results || []).find(r => r.tool === name && r.ok)?.data;
function renderQuakes(d) {
const card = $('#card-quakes');
if (!d) return $('.body', card).innerHTML = '<span class="dim">unavailable</span>';
$('.body', card).innerHTML = '<ul class="rows">' + (d.results || []).map(q =>
`<li><b class="num">M${esc(q.magnitude)}</b> <span>${esc(q.place)}</span>` +
`<span class="meta"><i class="dot ${esc(q.alert || 'none')}"></i>${esc(ago(q.time))}</span></li>`
).join('') + '</ul>';
$('[data-src]', card).textContent = `${d.source} · ${d.total_in_feed} quakes in feed · checked ${ago(d.checked_at)}`;
}
function renderYields(d) {
const card = $('#card-yields');
if (!d) return $('.body', card).innerHTML = '<span class="dim">unavailable</span>';
const y = d.yields_pct || {};
$('.body', card).innerHTML =
'<div class="curve">' + Object.entries(y).map(([t, v]) =>
`<div class="tick"><b class="num">${esc(v)}</b><span>${esc(t)}</span></div>`).join('') + '</div>' +
`<p class="signal">10Y−2Y spread <b class="num">${esc(d.spread_10y_2y)}</b> · ${esc(d.recession_signal)}</p>`;
$('[data-src]', card).textContent = `${d.source} · as of ${d.date}`;
}
function renderCves(d) {
const card = $('#card-cves');
if (!d) return $('.body', card).innerHTML = '<span class="dim">unavailable</span>';
$('.body', card).innerHTML = '<ul class="rows">' + (d.results || []).map(c =>
`<li><b class="cve">${esc(c.cve)}</b> <span>${esc(c.name || c.vulnerability_name || '')}</span>` +
(c.epss_probability != null ? `<span class="meta num">EPSS ${esc((c.epss_probability * 100).toFixed(1))}%</span>` : '') + '</li>'
).join('') + '</ul>';
$('[data-src]', card).textContent = `${d.source} · ${d.total_known_exploited} CVEs confirmed exploited · catalog ${d.catalog_version}`;
}
function renderNearby(n) {
const card = $('#card-nearby'), body = $('#nearby-body');
if (!n) return;
if (n.error) return body.innerHTML = `<span class="dim">${esc(n.error)}</span>`;
const rows = (n.hazards || []).slice(0, 6);
body.innerHTML = rows.length
? '<ul class="rows">' + rows.map(h =>
`<li><b class="haz">${esc(h.category)}</b> <span>${esc(h.headline)}</span>` +
`<span class="meta num">${esc(h.distance_km)} km</span></li>`).join('') + '</ul>'
: '<span class="dim">no active hazards within radius — quiet skies</span>';
$('[data-src]', card).textContent =
`${n.count} hazards within ${n.radius_km} km · signed envelope (key ${n.signature?.key_id || '—'}) · issued ${ago(n.issued_at)}`;
}
async function loadFeed(lat, lon) {
const qs = lat != null ? `?lat=${encodeURIComponent(lat)}&lon=${encodeURIComponent(lon)}` : '';
const r = await fetch('/api/feed' + qs);
if (!r.ok) throw new Error('/api/feed responded ' + r.status);
const feed = await r.json();
renderQuakes(toolData(feed, 'earthquakes'));
renderYields(toolData(feed, 'treasury_yields'));
renderCves(toolData(feed, 'exploited_vulnerabilities'));
renderNearby(feed.nearby);
}
$('#scan-btn').addEventListener('click', () => {
$('#nearby-body').innerHTML = '<span class="loading">scanning…</span>';
loadFeed($('#lat').value.trim(), $('#lon').value.trim())
.catch(e => $('#nearby-body').innerHTML = `<span class="dim">${esc(e.message)}</span>`);
});
runVerify();
loadFeed().catch(e => {
for (const el of document.querySelectorAll('.card .loading'))
el.outerHTML = `<span class="dim">${esc(e.message)}</span>`;
});
</script>
</body>
</html>