The SpyWeb Master Guide

High-performance web monitoring with zero dependencies

7 Hook Stages Hot Reload Error Resilient

Overview

SpyWeb is a zero-dependency web monitoring engine that lets you customize every stage of the pipeline with Lua scripts (Luau dialect). Place a hooks.lua alongside your job's config.toml and define any combination of 7 hook functions.

All hooks are optional. Omit any you don't need — spyweb runs fine with just a config.toml.

Key Rules

  • Return the value (modified or not) to continue the pipeline
  • Return nil or false to drop/skip (behavior varies per hook)
  • Plain Lua globals persist across runs only while the job task stays alive
  • store_* is job-scoped persistent storage and global_store_* is shared across jobs
  • Hot-reload creates a fresh Lua VM and resets global Lua state, but stored values survive
  • Hook errors are logged and skipped — they never crash the job
  • Efficiency: Only define the hooks you actually need. SpyWeb pre-detects which functions exist at startup and skips the processing logic entirely for any that are missing.

Pipeline Stages

Every scrape run flows through these stages in order:

before_fetch(request) executor thread
Modify URL, headers, or return nil to skip this run entirely
[HTTP fetch] background thread
Automatic — uses request config from previous stage
after_fetch(fetch_result) executor thread
Inspect success or failure, mutate body on success, or return a synthetic response to recover from fetch errors
[CSS extraction] background thread
Automatic — raw parser with DOM fallback
after_extract(items) executor thread
Batch filter/modify all items. nil or empty = no items
filter_item(item) executor thread
Per-item filter. Replaces built-in keyword filter if defined
before_store(items) executor thread
Last chance before DB insert. nil = skip store + notify
[dedup + insert] background thread
Automatic — atomic check-and-insert
before_notify(items) executor thread
Reshape or silence notifications. Items already stored
before_webhook(payload) executor thread
Reshape or silence webhook POSTs. Full JSON payload
[notify + webhook] background thread
Automatic — desktop notification + webhook POST

File Setup

Each job with Lua hooks lives in its own directory under jobs/:

jobs/
└── my-scraper/
    ├── config.toml    # job configuration (required)
    └── hooks.lua       # Lua hooks (optional)

spyweb auto-discovers hooks.lua when loading the job. No config changes needed — just create the file.

🚀 VPS Deployment

Run SpyWeb on a VPS to ensure 24/7 monitoring even when your laptop is closed. We've prepared a comprehensive guide covering:

  • Binary installation & permissions
  • Running as a Systemd background service
  • Secure UI access (SSH Tunnels, Nginx, Firewalls)
  • Recommended terminal editor setup
View full VPS Deployment Guide →

Hook Reference

1 before_fetch(request)

Called before every HTTP request. Modify the URL, add headers, or skip entirely.

Field Type Mutable Description
request.url string Target URL
request.headers table HTTP headers (string→string)
Return Effect
request table Continue with modified request
nil / false Skip this entire run 
-- Basic: add auth header
function before_fetch(request)
    request.headers["Authorization"] = "Bearer my-token"
    return request
end

2 after_fetch(fetch_result)

Called after every fetch attempt. It receives either a successful response snapshot or a fetch error snapshot. On successful fetches, only body is accepted back into the pipeline. On failed fetches, Lua may return a full synthetic response table to continue extraction anyway.

Field Type Mutable Description
fetch_result.ok boolean true on success, false on fetch error
fetch_result.body string Response body on success
fetch_result.status number HTTP status code on success
fetch_result.url string Final URL on success
fetch_result.headers table Response headers on success
fetch_result.proxy string / nil Selected proxy on success
fetch_result.error string Error message on fetch failure
Return Effect
table Continue. On success only body is taken back; on failure a full response can be synthesized
nil / false Skip extraction for this run 
function after_fetch(fetch_result)
    if not fetch_result.ok then
        notify("Fetch failed", fetch_result.error, 8000)
        return nil
    end

    if fetch_result.status ~= 200 then
        print("Bad status: " .. fetch_result.status)
        return nil  -- skip extraction
    end

    -- Strip unwanted content from the body
    fetch_result.body = fetch_result.body:gsub("<script.-</script>", "")
    return fetch_result
end
function after_fetch(fetch_result)
    if fetch_result.ok then
        return fetch_result
    end

    -- Recover from DNS/network failure with synthetic content
    notify("Using fallback response", fetch_result.error)
    return {
        body = "<html><body><div class='item'>fallback</div></body></html>",
        status = 599,
        url = "fallback://local",
        headers = {}
    }
end

3 after_extract(items)

Batch hook — receives all extracted items at once. Good for cross-item logic, dedup, or sorting.

No short-circuit: returning nil or empty table just means no items, not a pipeline abort.

function after_extract(items)
    -- Remove duplicate titles
    local seen = {}
    local unique = {}
    for _, item in ipairs(items) do
        local title = item.fields.title or ""
        if not seen[title] and title ~= "" then
            seen[title] = true
            table.insert(unique, item)
        end
    end
    return unique
end

4 filter_item(item)

Mutually exclusive with keyword filter. If filter_item() exists in your script, the built-in keyword filter is skipped entirely — even if you have keywords in your config.

Called once per item. Return the item to keep it, or nil to drop it before it reaches the database.

Field Type Mutable
item.fields table (string→string)
item.matches array of strings 
function filter_item(item)
    local title = (item.fields.title or ""):lower()

    -- Drop unwanted items
    if title == "" or title:find("sponsored") then
        return nil
    end

    -- Mutate fields before storage
    item.fields.title = title:sub(1,1):upper() .. title:sub(2)

    return item
end

5 before_store(items)

⚠️ Footgun warning: Items dropped by before_store returning nil never enter the database. This means they will appear as new again on the next run, because the DB has no record of them. This is intentional but can cause infinite notification loops if misused.

Last chance to drop items before dedup + insert. Return nil to skip storing and notifying. 

function before_store(items)
    -- Only store during business hours
    local hour = os.date("*t").hour
    if hour < 9 or hour > 17 then
        return nil  -- don't store, don't notify
    end
    return items
end

6 before_notify(items)

Reshape or silence notifications. Items are already stored at this point — dropping them here only affects what gets notified/webhoked.

function before_notify(items)
    -- Silence notifications if fewer than 3 new items
    if #items < 3 then return nil end

    -- Only notify for the first 5 items
    local capped = {}
    for i = 1, math.min(#items, 5) do
        capped[i] = items[i]
    end
    return capped
end

7 before_webhook(payload)

Reshape or silence webhook POSTs. Receives the full JSON payload (job_name, item_count, items).

function before_webhook(payload)
    -- Add a secret token to the payload
    payload.secret = "my-secure-token"
    
    -- Filter items in the webhook but keep them in the notification
    local filtered = {}
    for _, item in ipairs(payload.items) do
        if tonumber(item.fields.price) < 100 then
            table.insert(filtered, item)
        end
    end
    payload.items = filtered
    payload.item_count = #filtered
    
    if #filtered == 0 then return nil end -- skip webhook
    return payload
end

Global Functions

spyweb injects several global helper functions into the Lua environment for networking, notifications, logging, and storage.

Storage & Persistence

SpyWeb supports state management through both Runtime Memory (transient) and an Embedded Database (persistent). Memory is fast but resets on reload; the database survives restarts.

💡 Race Condition Note: Both Runtime Memory and Job-Local Storage are safe by default. Hooks for a single job are execution-locked (sequential), so race conditions are impossible within a single job. Use global_store_incr strictly when you need to mutate state shared across multiple concurrent jobs.
Function Description
store_set(key, value) Save a string (prefixed with job name)
store_get(key) Retrieve a string or nil
store_delete(key) Remove a key

Example: Job-Scoped Counter

local c = tonumber(store_get("count") or "0")
store_set("count", tostring(c + 1))
Function Description
global_store_set(key, value) Save a string (shared across all jobs)
global_store_get(key) Retrieve a shared string or nil
global_store_delete(key) Remove a shared key
global_store_incr(k, def, delta) Atomic shared increment across all jobs

Example: Atomic Shared Logic

-- WRONG APPROACH (race condition prone)
local v = tonumber(global_store_get("visits") or "0")
global_store_set("visits", tostring(v + 1))

-- CORRECT APPROACH (race condition safe)
global_store_incr("visits", 0, 1)
⚠️ Resets on hot-reload or restart. Use for transient state only.

Standard Lua variables persist in memory as long as the job is active. Because each job runs in its own Isolated VM, these variables are naturally job-scoped and cannot be accessed by other jobs.

SpyWeb also maintains a runtime-owned global, last_fetch, which is overwritten on every fetch attempt and persists until the next fetch. It reflects the last successful or failed fetch snapshot for that job VM.

Example: Simple Memory Counter

-- This resets to 1 if you edit hooks.lua or restart SpyWeb
visit_count = (visit_count or 0) + 1
log("Session visit: " .. visit_count)

Example: Inspect the last fetch in a later hook

function before_webhook(payload)
    if last_fetch and last_fetch.ok and last_fetch.body then
        local count = 0
        for _ in last_fetch.body:gmatch("promo") do
            count = count + 1
        end
        payload.last_fetch_promo_hits = count
    end
    return payload
end

http_get(url, [headers])

Performs a synchronous HTTP GET request. The headers argument is an optional Lua table containing key-value pairs for request headers.

local html = http_get("https://api.example.com", {
    ["Authorization"] = "Bearer token123",
    ["X-Custom-Header"] = "my-value"
})

http_post(url, body, [headers])

Performs a synchronous HTTP POST request. By default, it sets the Content-Type to application/x-www-form-urlencoded unless overridden in the headers argument. 

local response = http_post("https://api.example.com", '{"foo":"bar"}', {
    ["Content-Type"] = "application/json",
    ["Accept"] = "application/json"
})

json_encode(table)

Converts a Lua table or value into a JSON string. Handles nested tables, arrays, booleans, and nulls automatically using Rust's high-performance serde_json engine.

local payload = {
    url = "https://example.com",
    options = { waitUntil = "networkidle2" }
}
local body = json_encode(payload)
local resp = http_post("https://api.render.com", body, {["Content-Type"]="application/json"})

json_decode(string)

Parses a JSON string into a native Lua table. Returns nil and logs an error if the JSON is malformed.

local data = json_decode('{"status": "ok", "count": 42}')
log("Status is: " .. data.status)

notify(title, body, [timeout_ms])

Sends a desktop notification immediately from Lua. This is a thin wrapper around SpyWeb's native notification sender and can be used from any hook, including error paths that never reach the normal notify stage.

Headless environments: desktop notifications are typically unavailable on servers, cloud hosts, containers, and other headless environments. In those cases notify(...) silently skips the notification and SpyWeb logs the underlying OS/backend error. 
function after_fetch(fetch_result)
    if not fetch_result.ok then
        notify("Network error", fetch_result.error, 10000)
        return nil
    end
    return fetch_result
end

log(message)

Appends a message to hook.log inside the job's directory. This is the recommended way to debug hooks without using external libraries.

function after_extract(items)
    log("Extracted " .. #items .. " items from " .. request.url)
    return items
end

Config Reference

Jobs in SpyWeb are configured via TOML. You can use a single jobs.toml or a modular jobs/my-job/config.toml structure.

Job Config

Field Type Default Description
name string required Unique job name
url string required Target URL
selector string required CSS selector for items
fields array required Fields to extract
interval u32 30 Run interval (seconds)
keywords string[] none Filter by keywords
hash_fields string[] all Fields for dedup hash
headers table none Custom HTTP headers

Validation Rules

  • interval must be > 0
  • All URLs must be absolute (including webhooks/proxies)
  • Job names and normalized IDs must be unique
  • hash_fields must exist in the extracted fields

Field Syntax

# Shorthand
fields = ["title:h2", "link:a@href"]

# Full form
fields = [
  { name = "title", selector = "h2", att = "text" }
]

Deduplication (hash_fields)

By default, SpyWeb hashes all extracted fields. Use hash_fields to ignore volatile data like "time ago" or "view count": 

# Only use the link to determine if an item is new
hash_fields = ["link"]

Advanced Features

[proxy]
enabled = true
rotate = "RoundRobin" # or "Sticky", "Random"
urls = ["socks5://p1:1080", "http://p2:8080"]
[webhook]
enabled = true
url = "https://hooks.example.com/spyweb"
headers = { "Authorization" = "Bearer token" }
[notification]
enabled = true
title = "{item_count} new items in {job_name}"
body = "Title: {title}\nLink: {link}"

Available tags: {job_name}, {item_count}, {matches}, and any field name.

REST API

SpyWeb runs a built-in web server on 127.0.0.1:7979 which serves both the dashboard UI and a JSON API for querying your scraped records.

Endpoint Description
GET / HTML records viewer (The UI dashboard)
GET /api/records?job_id=<id> Fetch JSON records for a specific job
GET /api/records?job_id=<id>&limit=50&after=<ts> Paginated record access
GET /api/jobs List all active job IDs and their status
💡 Bring Your Own UI: The default dashboard is served from ui/index.html. Because SpyWeb serves this dynamically, you can replace it with your own React/Vue build instantly — no restart required.

Examples

The "Sentinel" Pattern: Transform SpyWeb into an autonomous monitoring agent. Features a Circuit Breaker with Self-Healing, failure masking, and Price Drop Detection using persistent storage to track state across scrape runs. 

-- ==========================================================================
-- SPYWEB SENTINEL: The "Set & Forget" VPS Monitor
-- ==========================================================================
-- This script transforms SpyWeb into an autonomous monitoring agent ideal 
-- for long-term VPS deployments. 
--
-- SMART FEATURES:
-- 1. ntfy.sh Integration: Sends push alerts to your phone (no registration).
-- 2. Failure Masking: Ignores random network blips; only alerts on real issues.
-- 3. Circuit Breaker: Stops hitting the site if you get banned or it goes down.
-- 4. Self-Healing: Automatically tries to recover after a 24-hour cooldown.
-- 5. VIP Alerts: Only sends push notifications for "PRICE DROP" items.
-- ==========================================================================


-- --------------------------------------------------------------------------
-- 1. CONFIGURATION
-- --------------------------------------------------------------------------
local NTFY_TOPIC = "my-spyweb-alerts" -- CHANGE THIS to your unique topic
local FAIL_THRESHOLD = 30             -- Alert after 30 consecutive failures
local STOP_THRESHOLD = 50             -- Stop fetching after 50 failures

-- --------------------------------------------------------------------------
-- 2. HELPERS
-- Subscribe to a topic on ntfy.sh to receive these alerts on your phone.
-- --------------------------------------------------------------------------
function send_push(title, message, priority)
    log("Pushing alert: " .. title)
    http_post("https://ntfy.sh/" .. NTFY_TOPIC, message, {
        ["Title"] = title,
        ["Priority"] = tostring(priority or 3),
        ["Tags"] = "spyweb,sentinel"
    })
end

-- --------------------------------------------------------------------------
-- 3. STATE (Persists across hot-reload and process restart)
-- --------------------------------------------------------------------------
local ONE_DAY = 24 * 60 * 60 -- 24 hours in seconds

-- --------------------------------------------------------------------------
-- 4. HOOKS
-- --------------------------------------------------------------------------

-- Circuit Breaker & Self-Healing: Stop fetching on fatal errors, 
-- but try to revive the job automatically after 24 hours.
function before_fetch(request)
    local fail_count = tonumber(store_get("fail_count")) or 0
    local stop_time = tonumber(store_get("stop_time")) or 0

    if fail_count >= STOP_THRESHOLD then
        local now = os.time()
        local elapsed = now - stop_time
        
        if elapsed < ONE_DAY then
            return nil -- Still in cooldown
        else
            log("Cooldown finished. Attempting auto-recovery probe...")
            store_set("stop_time", tostring(now)) -- Reset the 24h clock for the probe
        end
    end
    return request
end

-- Track failures and only alert when a real problem persists.
-- Aborts extraction (returns nil) on any failure.
function after_fetch(fetch_result)
    local fail_count = tonumber(store_get("fail_count")) or 0
    local is_failure = not fetch_result.ok or fetch_result.status ~= 200

    if is_failure then
        -- Handle specific fatal errors immediately
        if fetch_result.status == 403 then
            log("💀 [FATAL] 403 Forbidden detected. We are likely banned. Entering cooldown.")
            store_set("fail_count", tostring(STOP_THRESHOLD))
            store_set("stop_time", tostring(os.time()))
            send_push("💀 BANNED (403)", "Target site has blocked our IP. Backing off for 24h.", 5)
            return nil
        end

        if fetch_result.status == 404 then
            log("⚠️ [WARNING] 404 Not Found. The URL might have changed or been removed.")
            send_push("⚠️ URL Changed (404)", "The target page is missing. Check your config.", 4)
            -- We don't increment fail_count for 404 to avoid circuit breaking on a dead link
            return nil
        end

        -- Standard failure (timeout, network drop, etc)
        fail_count = fail_count + 1
        store_set("fail_count", tostring(fail_count))
        log("Run failed. Fail count: " .. fail_count .. " | Error: " .. (fetch_result.error or fetch_result.status))

        if fail_count == FAIL_THRESHOLD then
            local err = fetch_result.ok and ("HTTP " .. fetch_result.status) or fetch_result.error
            send_push("🚨 Job Failing", "Ongoing issues: " .. err, 4)
        elseif fail_count == STOP_THRESHOLD then
            store_set("stop_time", tostring(os.time()))
            send_push("💀 FATAL: Backing Off", "Reached " .. STOP_THRESHOLD .. " failures. Entering 24h cooldown.", 5)
        end
        return nil -- Stop the pipeline here
    end

    -- Success! Reset counters if we were previously failing.
    if fail_count >= FAIL_THRESHOLD then
        log("✅ Recovery detected. Clearing failure counters.")
        send_push("✅ Job Recovered", "Monitoring is back online.", 3)
    end
    store_delete("fail_count")
    store_delete("stop_time")
    return fetch_result
end

-- --------------------------------------------------------------------------
-- 5. PRICE DROP ALERTS
-- --------------------------------------------------------------------------
-- Monitor for price drops or sales. This demonstrates using the persistent
-- store to track state (lowest price) across different scrape runs.

function before_notify(items)
    for _, item in ipairs(items) do
        -- Clean currency symbols (e.g., "$1,200" -> "1200")
        local price_str = (item.fields.price or "0"):gsub("[^%d%.]", "")
        local price = tonumber(price_str) or 0
        local title = (item.fields.title or ""):upper()
        
        -- Check persistent store for the last seen minimum price
        local storage_key = "min_price_" .. (item.fields.id or item.fields.title)
        local last_min = tonumber(store_get(storage_key) or "999999")

        if price > 0 and price < last_min then
            send_push("📉 PRICE DROP: " .. item.fields.title, 
                      "Now $" .. price .. "! (Was $" .. last_min .. ")", 4)
            store_set(storage_key, tostring(price))
        elseif title:find("SALE") or title:find("OFF") then
            send_push("🎁 ON SALE: " .. item.fields.title, "Check it out!", 3)
        end
    end
    return items
end

-- --------------------------------------------------------------------------
-- 6. HEARTBEAT (Optional)
-- --------------------------------------------------------------------------
-- Enable this to get a once-a-day "Hi" so you know the VPS is still running.
-- Note: Must be integrated into an active hook (e.g., before_fetch).
-- last_heartbeat = tonumber(store_get("last_heartbeat") or "0")
-- local now = os.time()
-- if now - last_heartbeat >= (24 * 60 * 60) then
--     send_push("💓 Heartbeat", "Hey! Just letting you know I'm alive and kicking.", 2)
--     store_set("last_heartbeat", tostring(now))
-- end

Cycle through pages using a Lua global counter:

-- hook.lua — globals persist while the job process stays alive
function before_fetch(request)
    page = page or 1
    if string.find(request.url, "?") then
        request.url = request.url .. "&page=" .. page
    else
        request.url = request.url .. "?page=" .. page
    end
    page = page + 1
    if page > 5 then page = 1 end
    -- Use store_set("page", ...) if you want this to survive restart.
    return request
end

function filter_item(item)
    if (item.fields.title or "") == "" then
        return nil
    end
    return item
end

Replace the keyword filter with custom Lua logic:

-- hook.lua — replaces built-in keyword filter
blocked = { ["spam co"] = true }

function filter_item(item)
    local title = (item.fields.title or ""):lower()
    local company = (item.fields.company or ""):lower()

    if blocked[company] then return nil end
    if title:find("intern") then return nil end

    -- Must mention a wanted tech
    local dominated_by = false
    for _, tech in ipairs({"rust","go","python"}) do
        if title:find(tech) then
            dominated_by = true
            break
        end
    end
    if not dominated_by then return nil end

    return item
end

Add auth headers dynamically:

-- hook.lua — dynamic headers
function before_fetch(request)
    request.headers["Authorization"] = "Bearer my-api-key"
    request.headers["X-Custom"] = "spyweb"
    return request
end

function after_fetch(fetch_result)
    if not fetch_result.ok then
        notify("Auth request failed", fetch_result.error)
        return nil
    end
    if fetch_result.status == 401 then
        print("Auth failed!")
        return nil
    end
    return fetch_result
end

Tips & Gotchas

Topic Detail
Persistent storage store_* is job-scoped. global_store_* is shared. Atomic logic is only needed in global state via global_store_incr.
Globals persist Plain Lua globals survive across runs only while the current job task stays alive. Hot-reload resets them with a fresh VM.
filter_item vs keywords Mutually exclusive. If filter_item() exists, the built-in keyword filter does not run at all.
Error handling Hook errors are logged to stderr and skipped. The pipeline continues with the original data. A broken script never kills a job.
before_store footgun Items dropped by before_store have no DB record and will reappear as new next run. Use filter_item for permanent drops.
Threading Hooks run on the async executor thread. Blocking HTTP and DB operations run in background threads. Lua code should be fast and non-blocking.
Remote Editing Running on a VPS? Use Helix + LSP for a high-performance terminal IDE. See our VPS Deployment Guide.
Luau dialect SpyWeb uses Luau by default for stability. For standard Lua 5.4 support (enabling C-modules), see the Building from Source guide.
Standard Libraries Access os.time, os.date, math.*, and require for code sharing. Modules are searched in the job's directory first, then in the global shared/ folder. The io library is disabled; use log() instead.
Logging Calls to log(msg) append to hook.log in the job's directory. This file is persistent and useful for long-term debugging.
Hot reload Edit config.toml or hooks.lua → spyweb auto-detects changes and reloads. All Lua state resets. No restart needed.
Deduplication By default, SpyWeb hashes all fields to determine uniqueness. Use hash_fields only if you want to lock an item's identity to a specific field (like a URL) and ignore changes in volatile data (like "time ago").