Fix critical security and stability issues from audit

Security Fixes:
- Fix SSRF protection with proper CIDR range checking (ipaddress module)
- Now blocks 172.16.0.0/12, IPv6 loopback, link-local, carrier-grade NAT
- Block internal hostnames (.local, .internal)

Stability Fixes:
- Fix Docker container_name vs replicas conflict in compose.yml
- Fix async webhook calls missing asyncio.run() in error handlers
- Fix synchronous file I/O in async context (cached storage config)

Configuration Improvements:
- Add MAX_OPERATIONS_PER_JOB setting (consolidated from hardcoded values)
- Update default credentials to clearly dev-only values
- Add warning comments about development-only defaults

Documentation:
- Add comprehensive developer documentation (docs/developer/)
- Add user manual documentation (docs/user-manual/)
- Update project branding to Rendiff with FFmpeg acknowledgment

Author: alokemajumder

.env.example

@@ -1,4 +1,5 @@
-# FFmpeg API - Production Environment Configuration
+# Rendiff - Production Environment Configuration
+# A REST API layer powered by FFmpeg for media processing
 # Copy this file to .env and configure for your environment
 
 # =============================================================================
@@ -22,10 +23,10 @@ API_LOG_LEVEL=info
 # =============================================================================
 
 # Production PostgreSQL (Recommended)
-DATABASE_URL=postgresql://ffmpeg_user:your_secure_password@postgres:5432/ffmpeg_api
+DATABASE_URL=postgresql://rendiff_user:your_secure_password@postgres:5432/rendiff
 
-# Alternative: SQLite (Development Only)  
-# DATABASE_URL=sqlite+aiosqlite:///data/ffmpeg_api.db
+# Alternative: SQLite (Development Only)
+# DATABASE_URL=sqlite+aiosqlite:///data/rendiff.db
 
 # Database Pool Settings
 DATABASE_POOL_SIZE=20
@@ -52,7 +53,7 @@ WORKER_TASK_TIME_LIMIT=21600
 # Storage Paths
 STORAGE_CONFIG=/app/config/storage.yml
 STORAGE_PATH=./storage
-TEMP_PATH=/tmp/ffmpeg_api
+TEMP_PATH=/tmp/rendiff
 
 # Data Persistence Paths (for Docker volumes)
 POSTGRES_DATA_PATH=./data/postgres
@@ -116,6 +117,7 @@ GRAFANA_PASSWORD=your_secure_grafana_password
 MAX_UPLOAD_SIZE=10737418240
 MAX_JOB_DURATION=21600
 MAX_CONCURRENT_JOBS_PER_KEY=10
+MAX_OPERATIONS_PER_JOB=50
 JOB_RETENTION_DAYS=7
 
 # =============================================================================
@@ -148,7 +150,7 @@ CLAMAV_PORT=3310
 # COMPOSE_PROFILES=gpu,monitoring # GPU + Monitoring
 
 # Network Configuration
-# COMPOSE_PROJECT_NAME=ffmpeg-api
+# COMPOSE_PROJECT_NAME=rendiff
 
 # =============================================================================
 # CLOUD STORAGE (Optional)

.github/workflows/ci.yml

@@ -42,5 +42,5 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: |
-            ghcr.io/${{ github.repository_owner }}/ffmpeg-api-service:latest
-            ghcr.io/${{ github.repository_owner }}/ffmpeg-api-service:${{ github.sha }}
+            ghcr.io/${{ github.repository_owner }}/rendiff:latest
+            ghcr.io/${{ github.repository_owner }}/rendiff:${{ github.sha }}

.github/workflows/stable-build.yml

@@ -98,7 +98,7 @@ jobs:
         context: .
         file: ${{ matrix.dockerfile }}
         build-args: ${{ matrix.build_args }}
-        tags: ffmpeg-${{ matrix.component }}:test
+        tags: rendiff-${{ matrix.component }}:test
         load: true
         cache-from: type=gha
         cache-to: type=gha,mode=max
@@ -108,14 +108,14 @@ jobs:
         echo "Testing critical dependencies in ${{ matrix.component }}..."
         
         # Test psycopg2-binary (the main fix)
-        docker run --rm ffmpeg-${{ matrix.component }}:test python -c "
+        docker run --rm rendiff-${{ matrix.component }}:test python -c "
         import psycopg2
         print(f'✅ psycopg2-binary: {psycopg2.__version__}')
         "
         
         # Test other critical dependencies
         if [ "${{ matrix.component }}" = "api" ]; then
-          docker run --rm ffmpeg-${{ matrix.component }}:test python -c "
+          docker run --rm rendiff-${{ matrix.component }}:test python -c "
           import fastapi, sqlalchemy, asyncpg
           print(f'✅ FastAPI: {fastapi.__version__}')
           print(f'✅ SQLAlchemy: {sqlalchemy.__version__}')
@@ -124,7 +124,7 @@ jobs:
         fi
         
         if [[ "${{ matrix.component }}" == worker* ]]; then
-          docker run --rm ffmpeg-${{ matrix.component }}:test python -c "
+          docker run --rm rendiff-${{ matrix.component }}:test python -c "
           import celery, redis
           print(f'✅ Celery: {celery.__version__}')
           print(f'✅ Redis: {redis.__version__}')
@@ -151,18 +151,18 @@ jobs:
         context: .
         file: docker/api/Dockerfile.new
         build-args: "PYTHON_VERSION=${{ env.PYTHON_VERSION }}"
-        tags: ffmpeg-api:ffmpeg-test
+        tags: rendiff-api:ffmpeg-test
         load: true
 
     - name: Test FFmpeg functionality
       run: |
         echo "Testing FFmpeg installation and basic functionality..."
         
         # Test FFmpeg version
-        docker run --rm ffmpeg-api:ffmpeg-test ffmpeg -version | head -1
+        docker run --rm rendiff-api:ffmpeg-test ffmpeg -version | head -1
         
         # Test FFmpeg basic functionality with a simple command
-        docker run --rm ffmpeg-api:ffmpeg-test ffmpeg -f lavfi -i testsrc=duration=1:size=320x240:rate=1 -t 1 test.mp4
+        docker run --rm rendiff-api:ffmpeg-test ffmpeg -f lavfi -i testsrc=duration=1:size=320x240:rate=1 -t 1 test.mp4
         
         echo "✅ FFmpeg installation and basic functionality verified"
 
@@ -221,13 +221,13 @@ jobs:
         context: .
         file: docker/api/Dockerfile.new
         build-args: "PYTHON_VERSION=${{ env.PYTHON_VERSION }}"
-        tags: ffmpeg-api:security-scan
+        tags: rendiff-api:security-scan
         load: true
 
     - name: Run Trivy vulnerability scanner
       uses: aquasecurity/trivy-action@master
       with:
-        image-ref: 'ffmpeg-api:security-scan'
+        image-ref: 'rendiff-api:security-scan'
         format: 'sarif'
         output: 'trivy-results.sarif'
 

CHANGELOG.md

@@ -1,6 +1,8 @@
 # Changelog
 
-All notable changes to the FFmpeg API project will be documented in this file.
+All notable changes to the Rendiff project will be documented in this file.
+
+> **Note:** Rendiff is a REST API layer powered by FFmpeg for media processing.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

CONTRIBUTING.md

@@ -1,6 +1,8 @@
-# Contributing to FFmpeg API
+# Contributing to Rendiff
 
-We welcome contributions to the FFmpeg API project! This guide will help you get started.
+We welcome contributions to Rendiff! This guide will help you get started.
+
+> **Note:** Rendiff is a REST API layer powered by FFmpeg. All media processing is handled by FFmpeg under the hood.
 
 ## Code of Conduct
 
@@ -30,8 +32,8 @@ Please note that this project is released with a Contributor Code of Conduct. By
 
 ```bash
 # Clone your fork
-git clone https://github.com/yourusername/ffmpeg-api.git
-cd ffmpeg-api
+git clone https://github.com/yourusername/rendiff-dev.git
+cd rendiff-dev
 
 # Install dependencies
 pip install -r requirements.txt
@@ -94,4 +96,4 @@ Closes #123
 
 Feel free to open an issue for any questions about contributing.
 
-Thank you for contributing to FFmpeg API!
+Thank you for contributing to Rendiff!

DEPLOYMENT.md

@@ -1,10 +1,12 @@
 # Production Deployment Guide
 
-Complete guide for deploying the FFmpeg API to production environments.
+Complete guide for deploying Rendiff to production environments.
 
 ## 📊 Executive Summary
 
-The Rendiff FFmpeg API is a **production-ready**, **fully containerized** video processing service with **zero manual configuration** required. It provides enterprise-grade video/audio processing capabilities with optional AI-enhanced features.
+**Rendiff** is a **production-ready**, **fully containerized** media processing API **powered by FFmpeg**. It provides enterprise-grade video/audio processing capabilities with optional AI-enhanced features.
+
+> **Powered by FFmpeg:** All media processing operations are handled by FFmpeg under the hood. Rendiff provides a clean REST API layer on top of FFmpeg's powerful capabilities.
 
 ### 🎯 Key Features
 
@@ -33,17 +35,17 @@ The Rendiff FFmpeg API is a **production-ready**, **fully containerized** video
 ### Standard Deployment (Recommended)
 ```bash
 # Clone and deploy - no setup required!
-git clone https://github.com/rendiffdev/ffmpeg-api.git
-cd ffmpeg-api
+git clone https://github.com/rendiffdev/rendiff-dev.git
+cd rendiff-dev
 docker compose up -d
 
 # That's it! The API is now running at http://localhost:8080
 ```
 
 ### AI-Enhanced Deployment (GPU Required)
 ```bash
-git clone https://github.com/rendiffdev/ffmpeg-api.git
-cd ffmpeg-api
+git clone https://github.com/rendiffdev/rendiff-dev.git
+cd rendiff-dev
 docker compose -f docker compose.yml -f docker compose.genai.yml up -d
 ```