Build a live-data agent that can prove its data is real — in one serverless function, with zero npm dependencies.
This is the smallest possible app on Dynamic Feed: a static page + one function that pulls keyless live data (earthquakes, US Treasury yields, exploited CVEs, hazards near any point) and then verifies an Ed25519 signature in your browser — so you can watch a green ✓ signature VALID — verified in your browser badge light up on data that was measured seconds ago.
One click. No API key. No environment variables.
- Keyless live data —
api/feed.jsmakes a singlePOST https://dynamicfeed.ai/v1/batchcall that fans out to three tools server-side (earthquakes,treasury_yields,exploited_vulnerabilities), plus an optionalGET /v1/nearby?lat&lonsigned hazard scan around any point. No key, no signup, no SDK. - In-browser signature verification — the page fetches a fresh signed attestation from
GET https://dynamicfeed.ai/v1/attest, strips thesignatureblock, re-canonicalizes the envelope byte-for-byte (json-sorted-compact— see the standard), and verifies the detached Ed25519 signature against the published key at/.well-known/keysusing @noble/ed25519. Verification happens in your browser — you are not trusting this app, or even Dynamic Feed's web server, to tell you the data is genuine. - Tamper evidence — hit the “run tamper test” button: it flips a single digit of the data and re-verifies. The signature fails instantly. That is the whole point — signed data cannot be quietly altered between source and agent.
Zero-install (Node ≥ 18, nothing to npm install):
node dev-server.js
# → http://localhost:3000Or with Vercel's emulator:
npx vercel devTry the function directly:
curl http://localhost:3000/api/feed | python3 -m json.tool
curl "http://localhost:3000/api/feed?lat=-33.87&lon=151.21" # + signed hazards near Sydney| File | Purpose |
|---|---|
api/feed.js |
the entire backend — one Vercel serverless function, global fetch, no deps |
index.html |
the dashboard + in-browser verification UI |
verify.js |
Ed25519 verifier (adapted from the official dynamicfeed.ai/verify.js for cross-origin use) |
canon.js |
the json-sorted-compact canonicalization — lossless number-preserving parse, Python-ensure_ascii escaping |
style.css |
dark, minimal, mono |
dev-server.js |
optional zero-install local server (node dev-server.js) |
A naive JSON.parse → JSON.stringify round-trip silently changes bytes — float representation (151.21 can become 151.20999999999998) and non-ASCII escaping (the signer escapes the arrow character → to the six ASCII bytes \u2192) — and a single changed byte breaks an Ed25519 signature. canon.js parses losslessly (numbers kept verbatim as wire text) and re-serializes exactly the way the signer does. The full recipe is published at dynamicfeed.ai/standard.
- Swap the tools in
api/feed.js— there are 50+ keyless tools (weather, flights, satellites, sanctions, shipping, AI-model pricing, …). The full self-describing catalog: dynamicfeed.ai/llms-full.txt - Point the nearby-hazards card at your own coordinates
- Need higher rate limits or key-gated REST? dynamicfeed.ai
- dynamicfeed.ai — the live-data layer for AI agents
- /standard — the signed-envelope + canonicalization spec
- /proof — verify a live envelope yourself, right now
- /llms-full.txt — every tool, self-describing, agent-readable
MIT — fork it, ship it.