@lspassos1 is attempting to deploy a commit to the Elie Team on Vercel.

A member of the Team first needs to authorize it.

Greptile Summary

This PR introduces a new seed-regulatory-actions service that polls five regulatory RSS/Atom feeds (SEC, CFTC, Federal Reserve, FDIC, FINRA), classifies actions by keyword tier, and writes results to Redis under regulatory:actions:v1 with a 7200s TTL. It wires the new source into the cross-source signals aggregator, enforces the expected 2-hour Railway cron schedule via railway-set-watch-paths.mjs, and ships comprehensive unit tests for all new logic.

Key findings:

• Missing bootstrap hydration (api/bootstrap.js): regulatory:actions:v1 is not registered in BOOTSTRAP_CACHE_KEYS. Per AGENTS.md Critical Conventions, every new data source must be wired into api/bootstrap.js. Without this, the cross-source signals panel will load with an empty regulatory extractor for up to 2 hours after a cold deploy or cache expiry.
• FINRA feed uses plain HTTP (http://feeds.finra.org/FINRANotices) while every other feed in the list uses HTTPS. Financial regulatory notices transmitted over HTTP are susceptible to interception or tampering.
• currentPatterns.sort() mutates in place in railway-set-watch-paths.mjs — a minor defensive improvement would be to spread before sorting, consistent with the right-hand side of the same comparison.

Confidence Score: 4/5

• Safe to merge after adding regulatory:actions:v1 to api/bootstrap.js — the missing bootstrap registration causes a silent 2-hour data gap on first deploy.
• One P1 finding remains: the regulatory:actions:v1 key is absent from api/bootstrap.js, violating an explicit AGENTS.md critical convention and causing the regulatory extractor to return empty results for up to one full cron interval after deployment. All other findings are P2 (HTTPS on FINRA feed, defensive sort copy). The core script logic, cron sync, and test coverage are solid.
• api/bootstrap.js needs a regulatoryActions: 'regulatory:actions:v1' entry; scripts/seed-regulatory-actions.mjs line 30 should switch FINRA to HTTPS.

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant Cron as Railway Cron<br/>(0 */2 * * *)
    participant Seed as seed-regulatory-actions
    participant Feeds as RSS Feeds<br/>(SEC, CFTC, Fed, FDIC, FINRA)
    participant Redis as Redis
    participant CSS as seed-cross-source-signals
    participant Bootstrap as api/bootstrap.js
    participant Client as Dashboard Client

    Cron->>Seed: trigger every 2h
    Seed->>Feeds: fetch RSS/Atom (parallel, 15s timeout)
    Feeds-->>Seed: XML responses
    Seed->>Seed: parse → normalize → dedupe → classify (high/medium/low)
    Seed->>Redis: SET regulatory:actions:v1 (TTL 7200s)
    Seed->>Redis: SET seed-meta:regulatory:actions

    Cron->>CSS: trigger (separate schedule)
    CSS->>Redis: GET regulatory:actions:v1 + other source keys
    Redis-->>CSS: payload
    CSS->>CSS: extractRegulatoryAction (48h cutoff, top-3 non-low)
    CSS->>Redis: SET intelligence:cross-source-signals:v1

    Client->>Bootstrap: GET /api/bootstrap
    Bootstrap->>Redis: MGET [...keys] ⚠️ regulatory:actions:v1 missing
    Redis-->>Bootstrap: bulk data (no regulatory actions)
    Bootstrap-->>Client: hydration payload (regulatory gap)

_{Reviews (1): Last reviewed commit: "chore(railway): sync regulatory seed cro..." | Re-trigger Greptile}

Applied this live in Railway.

seed-regulatory-actions now exists in magnificent-recreation with the settings this PR expects: /scripts root directory, node seed-regulatory-actions.mjs as the start command, the matching watch paths, and cron 0 */2 * * *.

Refs #2495.

Follow-up on the bootstrap thread: regulatory:actions:v1 stays out of api/bootstrap.js intentionally. It is an internal Redis input for the cross-source aggregation job, not a frontend hydration key. The client-facing bootstrap key is intelligence:cross-source-signals:v1, which is already wired. Bootstrapping the intermediate feed would add unused data to every bootstrap response without affecting panel behavior.

Review — PR #2569 (Railway cron schedule)

Why this PR? Configures Railway cron for the regulatory seed and includes hardening fixes from the chain.

Blocking

1. TTL = cron interval (reiterated from #2567).
TTL_SECONDS = 7200 with 0 */2 * * * cron = 1x. Must be 3x (21600s = 6h). See #2567 review.

2. Missing api/health.js SEED_META registration.
No entry for regulatory:actions in SEED_META across the entire 4-PR chain. Without this, the health dashboard can't monitor staleness. Fix:

regulatoryActions: { key: 'seed-meta:regulatory:actions', maxStaleMin: 240 },

3. Missing STANDALONE_KEYS registration in api/health.js.
regulatory:actions:v1 needs to be in STANDALONE_KEYS for data presence monitoring:

regulatoryActions: 'regulatory:actions:v1',

Suggestions

1. REQUIRED_SEED_SERVICES only contains seed-regulatory-actions. No other seed service uses this guard. Either add all seed services or remove the guard for consistency.
2. buildExpectedPatterns() is a good refactoring. Clean extraction of watch-path logic.
3. Pre-compiled keyword patterns and [...currentPatterns].sort() spread-before-mutate are both good fixes.

Across the chain

The code quality is strong. @lspassos1 clearly studied the project patterns (deferred fetch lambda, isDirectRun guard, vm.createContext tests, Promise.allSettled, deterministic IDs). The blocking issues are:

• TTL constant (quick fix)
• Health/cache registration (checklist items)
• Keyword vocabulary gaps (needs thought, most important)
• Signal selection order (sort by importance, not just recency)

Once these are addressed, the chain is merge-ready. Happy to re-review.

@koala73 Thanks for the review. I applied the requested changes across the chain: description parsing in the feed payload, the TTL/cache-key/health wiring, the classifier updates, and the cross-source selection fixes. When you have a moment, could you take another look?