CEACStatusBot Web is a self-hosted visa status monitoring console for individuals and small operators. It combines U.S. visa CEAC status tracking, Canada IRCC Portal Alpha monitoring, Korea visa status checks, email notifications, account management, and an admin console in one deployable web application.
The public service is available at ceac.mikezhuang.cn.
This is a non-official product and is not affiliated with the U.S. Department of State, CEAC, GTS, IRCC, the Korea Visa Portal, CITIC Bank, or any government agency. Use it only if you understand and accept the risks of third-party query automation and cross-border data transmission.
CEACStatusBot is maintained as a nonprofit personal project. If it saves you time or reduces monitoring stress, voluntary support helps cover hosting and maintenance costs.
Contact: ceac-admin@mikezhuang.cn
CEACStatusBot is designed around one idea: visa monitoring should feel like a product, not a pile of scripts. The app gives users a single place to create profiles, trigger checks, review timelines, receive notifications, and manage sender settings. Operators get queue visibility, account controls, system logs, and a production-ready security baseline.
- U.S. visa CEAC status monitoring
- GTS passport appointment slot monitoring after
ApprovedorIssued - Canada IRCC Portal Alpha monitoring
- Korea Visa Portal status monitoring
- Email notifications, test emails, and custom SMTP settings
- Multi-user accounts, account tiers, and admin controls
- FastAPI backend with SQLite storage, APScheduler scheduling, and a standalone Worker queue consumer
- React + Vite + TypeScript frontend with Chinese and English UI
- Account registration, email verification, password reset, terms acceptance, and session management
- Automatic monitoring, manual refresh jobs, status timelines, and query history
- Encrypted storage for sensitive profile fields, SMTP credentials, IRCC credentials, and raw snapshots
- Admin console for account tiers, worker priority, queue visibility, security events, and sender configuration
CEAC profiles can run on schedule or on demand. Status changes and CEAC last-updated changes are written to history and can trigger notification emails. Standard and Premium accounts use different quotas, while admins are exempt.
GTS monitoring is linked to a CEAC profile and is intended only for detection and notification. It does not book, hold, or grab slots. Once a slot is detected, polling slows down; users can stop monitoring after they complete booking.
IRCC support is currently marked Alpha. The app compares multiple IRCC snapshots, records visible changes, and can send notification emails when application status, messages, or applicant-side biometric details change. Because IRCC access relies on user-authorized credentials and an unofficial integration path, this flow should be used carefully and only on deployments you trust.
Korea monitoring supports the current portal-based status lookup flow and records either structured status fields or the portal's "no data found" state as a valid snapshot.
Install backend dependencies:
pip install uv
uv sync
cp .env.example .envStart the backend:
uv run uvicorn CEACStatusBot.web.main:app --host 127.0.0.1 --port 8000 --reloadStart the Worker in another terminal:
uv run python -m CEACStatusBot.web.workerStart the frontend:
cd frontend
npm install
npm run devOpen http://127.0.0.1:5173.
Copy .env.example and review these values before any public deployment:
SECRET_KEY: session signing secret; must be changed in productionCREDENTIAL_KEY_FILE: path to the repository-external credential master keyDATABASE_PATH: SQLite database locationCOOKIE_SECURE=true: required behind HTTPSCORS_ORIGINS,CSRF_TRUSTED_ORIGINS,ALLOWED_HOSTS: production host allowlistsSYSTEM_FROM_EMAILand SMTP settings: default sender configuration
Demo accounts are disabled by default. If you need local-only seeded users, set SEED_DEFAULT_USERS=true and provide DEFAULT_ADMIN_EMAIL and DEFAULT_ADMIN_PASSWORD. Keep this disabled on public deployments.
CEACStatusBot/web/main.py: FastAPI application and API routesCEACStatusBot/web/worker.py: standalone queue consumerCEACStatusBot/web/case_service.py: CEAC and GTS case logicCEACStatusBot/web/ircc_portal_service.py: IRCC account, snapshot, and notification logicCEACStatusBot/web/korea_visa_service.py: Korea visa query and history logicfrontend/src/App.tsx: main frontend application
- Passwords use Argon2id hashing
- Sensitive fields and raw snapshots are encrypted with AES-256-GCM
- The credential master key is stored outside the repository
- Sensitive requests validate
OriginandReferer - Request size limits, host allowlists, rate limits, and security-event logging are enabled
- Third-party query targets are fixed; user input does not control request hosts
IRCC Portal Alpha stores user-authorized portal credentials to support scheduled monitoring. That is a higher-trust feature than plain CEAC polling. Treat it accordingly.
The clone chart is generated from GitHub Traffic API aggregates and preserved on the independent repo-metrics branch. Clone counts can include bots, CI jobs, and repeated pulls. They are operational signals, not verified user counts.
- DEPLOYMENT.md: production deployment
- OPERATIONS.md: day-2 operations and troubleshooting
- SECURITY.md: security model and incident handling
- SECURITY.en.md: public vulnerability disclosure policy
- THREAT_MODEL.md: assets, trust boundaries, and controls
- PRIVACY.md: stored data and self-hosting responsibilities
- CONTRIBUTING.md: contributor workflow
- ROADMAP.md: planned work
- CHANGELOG.md: release notes
- LOCATION.md: CEAC location references
- DESIGN.md: UI and design notes
This project is released under the GNU General Public License v3.0.
This project builds on ideas and parts of the original Andision/CEACStatusBot, then extends them into a multi-user web product.
