- Add polar stereographic coordinate transform (EPSG:3413/3031) in geo.py
so geographic bboxes are properly converted to projected meters
- Auto-detect image format: PNG for colormapped layers (preserves exact
colors for query_point reverse-mapping), JPEG for true-color
- get_imagery format parameter now defaults to "auto" instead of "jpeg"
- Embed NDVI seasonal timelapse and polar stereo images in README
- 96 tests passing
Address 20 findings from safety-critical review:
CRITICAL:
- C1: Replace ET.fromstring with defusedxml across all XML parsers
- C2: Fix client init failure leaving half-initialized state; clean
up HTTP client on startup failure so next connection can retry
HIGH:
- H1: Replace unbounded dicts with LRU caches (maxsize=500)
- H2: Move Nominatim rate limiter from module globals to per-instance
state on GIBSClient, eliminating shared mutable state
- H3: Validate _parse_rgb input, return (0,0,0) on malformed data
- H4: Add exponential backoff retry for capabilities loading
- H5: Invert WMS error detection to verify image content-type
- H6: Clamp image dimensions to 4096 max to prevent OOM
MEDIUM:
- M1: Convert images to RGB mode in compare_dates for RGBA safety
- M2: Narrow DescribeDomains XML matching to TimeDomain elements
- M3: Add BBox model_validator for coordinate range validation
- M4: Add ET.ParseError to colormap fetch exception handling
- M5: Replace bare except Exception with specific types in server
- M6: Catch ValueError from _resolve_bbox in imagery tools for
consistent error returns
- M7: Only cache successful geocoding lookups (no negative caching)
LOW:
- L3: Derive USER_AGENT version from package __version__
- L5: Remove unused start_date/end_date params from check_layer_dates
