A public, open-source, map-first directory of U.S. Customs and Border Protection (CBP) duty stations — Border Patrol (USBP), Office of Field Operations (OFO), and Air & Marine Operations (AMO). Built to help CBP job applicants weighing relocation offers explore each potential assignment: location, local context, housing, schools, climate, and links to authoritative references for the area.
Live: dutystation.us
| Feature | Description |
|---|---|
| Map-first directory | OpenLayers map of every CBP station with filters by component (USBP, OFO, AMO), region, state, and facility type. |
| Station detail | Per-station page with local context, area summaries (housing, schools, crime, weather, jobs, demographics, cost of living, transit), and tailored external links. |
| Side-by-side comparison | Pick stations and compare attributes head-to-head. |
| Federal-data summaries | Eight summary cards driven by U.S. Census ACS, BLS LAUS, BEA RPP, FBI CDE, NOAA NCEI, NCES CCD, and FAA NPIAS — see docs/data-sources.md. |
| Link quality gate | Every external link is audited and validated in CI; broken or redirect-to-error links block release. |
| Static-hostable fallback | Runs against Supabase when configured; falls back to a bundled dataset so the site stays available even without a database. |
| Accessibility first | axe-core unit tests, @axe-core/cli page scans, and Playwright + axe E2E — WCAG 2.1 AA / Section 508. |
| Hardened CI | Typecheck, lint, unit + E2E tests, link audit, npm audit, CodeQL, gitleaks, Trivy, OWASP ZAP, Lighthouse on every PR. |
- React 19 + TypeScript 5 + Vite 7 — SPA deployed to Netlify
- Tailwind CSS + shadcn/ui component primitives
- Supabase — managed PostgreSQL with RLS; drives the station, summary, and link tables
- OpenLayers — interactive mapping
- Lucide for icons
- Vitest + @testing-library/react + jest-axe — unit and accessibility tests
- Playwright + @axe-core/playwright — E2E and in-browser a11y
- OWASP ZAP, CodeQL, gitleaks, Trivy — security scanning in CI
- Lighthouse CI — performance and a11y budgets
git clone https://github.com/MetaPhase-Consulting/dutystation.git
cd dutystation
npm install
npm run dev # http://localhost:8080Requires Node.js 20 (nvm use reads .nvmrc) and
npm 10+. Without a .env file the app runs against the bundled dataset
fallback, so you can browse the directory and station detail pages
without Supabase set up.
For environment variables, IDE setup, project layout, and the deeper contributor walkthrough, see docs/developers.md.
Run these locally before opening a PR:
npm run typecheck # TypeScript
npm run lint # ESLint
npm run test:run # Vitest unit + jest-axe
npm run test:a11y # axe-core CLI on key routes
npm run test:e2e # Playwright smoke (desktop + mobile)
npm run build # Production Vite build
npm run test:audit # npm audit (prod)
npm run data:validate:link-auditEvery PR runs a single consolidated workflow: lint + typecheck → unit tests →
build → security scans (npm audit, CodeQL, gitleaks, Trivy, OWASP ZAP) →
accessibility (axe-core CLI) → Lighthouse → Playwright E2E (desktop + mobile)
→ migration validation → Netlify deploy (preview for PRs, production for
main).
A separate scheduled workflow (data-maintenance.yml) runs the link audit,
remediation, and enrichment pipeline.
| Topic | Doc |
|---|---|
| Developer onboarding (env, IDE, structure) | docs/developers.md |
| Data sources & provenance | docs/data-sources.md |
| CBP canonical roster pipeline | docs/data/cbp-source.md |
| Data pipeline command reference | docs/data/operations.md |
| Link operations runbook | docs/operations/link-quality-runbook.md |
| Accessibility & security checklist | docs/compliance/accessibility-security-checklist.md |
| Release gates and SLOs | docs/governance/release-gates-and-slos.md |
| Engineering harness | docs/governance/engineering-harness-standard.md |
| Architecture decisions | docs/architecture/adr-001-data-platform.md |
| Implementation roadmap | docs/plan/implementation-roadmap.md |
| Requirements traceability | docs/requirements/traceability-matrix.md |
| Progress log | docs/progress/status-log.md |
| Collaboration rules | CLAUDE.md, AGENTS.md |
| Contributing | CONTRIBUTING.md |
| Security policy | SECURITY.md |
| Code of conduct | CODE_OF_CONDUCT.md |
Production deploys to Netlify
from main; pull requests get automatic deploy previews. Netlify runs
npm ci --legacy-peer-deps && npm run build and publishes the dist/
directory — see netlify.toml for the full build + headers
config.
Because the app ships with a bundled dataset fallback, the production artifact is a self-contained static SPA and can also be hosted anywhere that serves static files.
Developed by MetaPhase and delivered with our internal ChallengeAI accelerators to rapidly ship government-grade generative AI solutions.
Bring Us Your Challenge®
This site is built on top of free, open, U.S. government data: Census Bureau (ACS, Geocoder, ZCTA gazetteer, OMB CBSA delineations), Bureau of Labor Statistics (LAUS), Bureau of Economic Analysis (Regional Price Parities), FBI Crime Data Explorer, NOAA NCEI (Climate Normals), NCES Common Core of Data, and the FAA NPIAS. Per-source provenance is in docs/data-sources.md.
MIT — see LICENSE. You are free to use, modify, and distribute this software in accordance with the terms of that license.