- query_point: reverse-maps pixel RGB through colormap to recover exact
data values at geographic coordinates
- get_time_series: fetches imagery across evenly-spaced dates for
temporal analysis (up to 12 frames)
- Auto-detect polar stereographic projection (EPSG:3413/3031) for
high-latitude bounding boxes
- Add progress reporting to all HTTP-calling tools
- Add quantitative_snapshot and seasonal_timelapse prompts
- Update README with 3 new conversational examples
- 92 tests passing
Address 20 findings from safety-critical review:
CRITICAL:
- C1: Replace ET.fromstring with defusedxml across all XML parsers
- C2: Fix client init failure leaving half-initialized state; clean
up HTTP client on startup failure so next connection can retry
HIGH:
- H1: Replace unbounded dicts with LRU caches (maxsize=500)
- H2: Move Nominatim rate limiter from module globals to per-instance
state on GIBSClient, eliminating shared mutable state
- H3: Validate _parse_rgb input, return (0,0,0) on malformed data
- H4: Add exponential backoff retry for capabilities loading
- H5: Invert WMS error detection to verify image content-type
- H6: Clamp image dimensions to 4096 max to prevent OOM
MEDIUM:
- M1: Convert images to RGB mode in compare_dates for RGBA safety
- M2: Narrow DescribeDomains XML matching to TimeDomain elements
- M3: Add BBox model_validator for coordinate range validation
- M4: Add ET.ParseError to colormap fetch exception handling
- M5: Replace bare except Exception with specific types in server
- M6: Catch ValueError from _resolve_bbox in imagery tools for
consistent error returns
- M7: Only cache successful geocoding lookups (no negative caching)
LOW:
- L3: Derive USER_AGENT version from package __version__
- L5: Remove unused start_date/end_date params from check_layer_dates
