Skip to content

Added new STAC-Item-Operator script (as an example)#324

Merged
romeokienzler merged 2 commits into
claimed-framework:mainfrom
IvanBirkmaier:stac-operator
Jul 3, 2026
Merged

Added new STAC-Item-Operator script (as an example)#324
romeokienzler merged 2 commits into
claimed-framework:mainfrom
IvanBirkmaier:stac-operator

Conversation

@IvanBirkmaier

Copy link
Copy Markdown
Contributor

What changes were proposed in this pull request?

I created a new operator for creating a STAC-Item which uses a script instead of an notebook

How was this pull request tested?

Tested it through unit test. Test were not added bc the changes only made in the example section and are not critical. Would just add noise to the project.

Developer's Certificate of Origin 1.1

   By making a contribution to this project, I certify that:

   (a) The contribution was created in whole or in part by me and I
       have the right to submit it under the Apache License 2.0; or

   (b) The contribution is based upon previous work that, to the best
       of my knowledge, is covered under an appropriate open source
       license and I have the right under that license to submit that
       work with modifications, whether created in whole or in part
       by me, under the same open source license (unless I am
       permitted to submit under a different license), as indicated
       in the file; or

   (c) The contribution was provided directly to me by some other
       person who certified (a), (b) or (c) and I have not modified
       it.

   (d) I understand and agree that this project and the contribution
       are public and that a record of the contribution (including all
       personal information I submit with it, including my sign-off) is
       maintained indefinitely and may be redistributed consistent with
       this project or the open source license(s) involved.

@socket-security

socket-security Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedpypi/​gdal@​3.11.5938210010070
Addedpypi/​gdal@​3.12.2888210010070
Addedpypi/​numpy@​2.4.67510010010070
Addedpypi/​shapely@​2.1.296100100100100
Addedpypi/​pystac@​1.14.3100100100100100

View full report

@socket-security

socket-security Bot commented Jul 3, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: pypi gdal is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: src/claimed/components/geo/pyproject.tomlpypi/gdal@3.12.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/gdal@3.12.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: pypi numpy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: src/claimed/components/geo/uv.lockpypi/numpy@2.4.6

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/numpy@2.4.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Signed-off-by: Ivan Birkmaier <ivanbirkmaier1@gmail.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new (example) “STAC Item Operator” Python component under src/claimed/components/geo/ that generates a STAC Item JSON from a GeoTIFF by filling a provided template, using GDAL for metadata extraction and filename parsing as a fallback for embeddings lacking embedded CRS.

Changes:

  • Introduces stac_item_operator.py with a CLI entrypoint to produce a STAC Item JSON from a GeoTIFF + template.
  • Adds an example STAC Item template JSON (stac/item_template.json) intended to be populated by the operator.
  • Adds component packaging + lock/config files (pyproject.toml, uv.lock, .python-version) for the new geo component.

Reviewed changes

Copilot reviewed 4 out of 6 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
src/claimed/components/geo/src/stac_item_operator.py New operator implementation for extracting GeoTIFF metadata and emitting a STAC Item JSON.
src/claimed/components/geo/stac/item_template.json Adds an example STAC Item template to be filled by the operator.
src/claimed/components/geo/pyproject.toml Defines the new component package and dependencies (GDAL, pystac, shapely).
src/claimed/components/geo/uv.lock Locks Python dependencies for the geo component.
src/claimed/components/geo/.python-version Pins the component’s Python runtime version.
src/claimed/components/geo/src/init.py Establishes the module package structure for the geo component.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/claimed/components/geo/src/stac_item_operator.py Outdated
Comment on lines +314 to +316
item.setdefault("properties", {})
item["properties"]["datetime"] = _datetime_from_filename(stem)
item["properties"]["proj:epsg"] = meta["epsg"]

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in commit 6fafccb. run() now conditionally sets properties['proj:epsg'] only when meta['epsg'] is not None, and actively removes the key from the item (via pop) when the code is unavailable, so no null/None projection metadata leaks into the STAC output.

Comment thread src/claimed/components/geo/src/stac_item_operator.py Outdated
Comment thread src/claimed/components/geo/src/stac_item_operator.py Outdated
Comment thread src/claimed/components/geo/src/stac_item_operator.py Outdated
Comment thread src/claimed/components/geo/stac/item_template.json
Comment thread src/claimed/components/geo/stac/item_template.json Outdated
Comment thread src/claimed/components/geo/src/stac_item_operator.py
- _extract_tiff_metadata: treat any valid CRS WKT as georeferenced (not
  only when an authority code is present) and always reproject bbox/geometry
  to WGS 84 via an explicit CoordinateTransformation, so STAC output is
  always in lon/lat regardless of the file's native CRS.
- run(): omit properties['proj:epsg'] when the EPSG code cannot be
  identified (epsg is None) instead of writing null/None into the STAC
  item.
- Docstring: correct assets.embeddings.href description from 'relative
  filename' to 'full COS/S3 URL'.
- Comment: replace 'relative path so the JSON is portable' with accurate
  description of the COS/S3 URL written to the asset href.
- CLI: fix typos 'Url' -> 'URL' and 'were' -> 'where' in help text.
- item_template.json: close the example polygon ring (last coordinate
  matches the first, making it valid GeoJSON).
- item_template.json: remove leading space from 'licensing' value.

Signed-off-by: Ivan Birkmaier <ivanbirkmaier1@gmail.com>
@romeokienzler romeokienzler merged commit 0820ebe into claimed-framework:main Jul 3, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants