Dragonflight - self-hosted broadcast media asset management. SRT/RTMP/SDI ingest via Blackmagic DeckLink, FFmpeg proxy generation, growing-file editing via SMB + Premiere Pro CEP panel, BullMQ job queue, S3-compatible storage (RustFS). Replaces Grass Valley AMPP FramelightX.
002e5acb82
Scope (locked in via planning Q&A):
- Identity: local accounts only (PG users table) + existing bearer
tokens for headless callers.
- Transport: httpOnly cookie session for browser, Bearer for API.
- RBAC: admin / editor / viewer roles, plus an orthogonal
is_client flag for external (agency, talent, customer) accounts.
- Bootstrap: ADMIN_BOOTSTRAP_USER + ADMIN_BOOTSTRAP_PASSWORD env
seed the first admin on a clean install. Set ADMIN_BOOTSTRAP_RESET
to force-reset the named user (break-glass).
- Rate limit: in-memory, 10 fails per 15min per (IP, username).
- Password policy: \u22658 chars, mixed case, digit, symbol; small
blocklist of common passwords; cannot equal username.
- Self-service: change own display name + password. Everything
else (role, is_client, other-user mgmt) is admin only.
- Audit log: append-only table, indexed by actor + event_type +
created_at, populated by every auth/admin event.
Files added:
- services/mam-api/src/db/migrations/022-auth-rework.sql
users.is_client + last_login_at + failed_attempts; audit_log
table with FK to users (ON DELETE SET NULL).
- services/mam-api/src/middleware/audit.js
Fire-and-forget audit() helper. Caller never awaits, failure
logs but never throws — auditing cannot break the request
that triggered it.
- services/mam-api/src/middleware/passwordPolicy.js
Shared checkPassword(pw, { username }) used by setup, user
create/update, and self-service password change.
- services/mam-api/src/tasks/bootstrapAdmin.js
Runs after migrations. No-ops unless ADMIN_BOOTSTRAP_USER +
ADMIN_BOOTSTRAP_PASSWORD are set AND (users table empty OR
ADMIN_BOOTSTRAP_RESET=true).
- services/mam-api/src/routes/audit.js
Admin-only GET /audit (paginated, filter by event_type /
actor / target / date) and GET /audit/event-types.
- services/web-ui/public/modal-account-settings.jsx
Profile + Password tabs. Triggered by sidebar user button.
Files rewritten:
- services/mam-api/src/routes/auth.js
- POST /login: regenerate(), no manual save(); audit success/
fail/lockout; updates last_login_at + failed_attempts.
- POST /logout: destroys session, audits logout.
- GET /me: returns is_client + last_login_at. Synthetic admin
when AUTH_ENABLED=false.
- GET /setup-status: drives login.html UI state.
- POST /setup: blocked once any user exists; password policy.
- POST /password: self-service. Requires current pw, runs
policy, audits, invalidates other sessions implicitly via
users.js if changed by admin.
- PATCH /me: self-service display_name update.
- services/mam-api/src/routes/users.js
- is_client field in create/update/list/get.
- Guardrails: cannot delete or demote last admin, cannot
delete self, admins cannot be flagged is_client.
- Password change invalidates all sessions for that user
(DELETE FROM sessions WHERE sess->>'userId' = id).
- Audit on every mutation.
- Password policy enforced.
- services/mam-api/src/middleware/auth.js
- requireAuth now exposes req.user.is_client.
- New requireRole(["admin","editor"], { rejectClients: true })
helper. Applied to cluster, sdk, capture routes (infra).
- Synthetic user when AUTH_ENABLED=false has is_client=false.
- services/mam-api/src/index.js
- Loads bootstrap admin after migrations.
- Wires /api/v1/audit.
- Cleans up an earlier comment block.
- services/web-ui/public/login.html
- Password hint added next to setup-mode password field.
- services/web-ui/public/shell.jsx
- Sidebar user footer is a button that opens AccountSettings.
- CLIENT badge next to role when is_client=true.
- Nav filters: clients lose ingest tree + jobs + editor;
viewers lose ingest + editor; only admins see the Admin
section. Power button hidden when synthetic user.
- services/web-ui/public/screens-admin.jsx
- Users table: new Client column with inline toggle.
- InviteUserModal: Client checkbox + password hint, gated
off when role=admin.
- Last login column replaces Created in primary view.
- CSV export includes client + last_login.
- services/web-ui/public/data.jsx
- ZAMPP_DATA.ME carries is_client + display_name.
- services/web-ui/public/index.html
- Loads dist/modal-account-settings.js.
- services/web-ui/public/styles-rest.css
- .user-row grid widened to 6 columns.
- docker-compose.yml
- Plumbs SESSION_COOKIE_SECURE + ADMIN_BOOTSTRAP_* env vars.
Deploy:
cd /opt/wild-dragon
git pull origin main
# In .env:
# AUTH_ENABLED=true
# SESSION_SECRET=<openssl rand -hex 48>
# ADMIN_BOOTSTRAP_USER=admin
# ADMIN_BOOTSTRAP_PASSWORD=<strong>
docker compose build mam-api web-ui
docker compose up -d --force-recreate --no-deps mam-api web-ui
|
||
|---|---|---|
| deploy | ||
| docs | ||
| services | ||
| .env.example | ||
| .gitignore | ||
| DESIGN.md | ||
| docker-compose.gpu.yml | ||
| docker-compose.worker.yml | ||
| docker-compose.yml | ||
| PRODUCT.md | ||
| README.md | ||
| setup-repo.sh | ||
Dragonflight
Self-hosted broadcast media-asset management system that replaces legacy tools like Grass Valley AMPP and FramelightX. Handles live ingest, growing-file editing, scheduling, transcoding, and asset management in a single operator-focused interface.
Repo renamed from
wild-dragon→dragonflight(2026-05-23). The old URL still redirects.
Home Dashboard
The home screen provides quick access to all major features and displays system status at a glance:
- Library — Browse projects, bins, and assets with hover-scrub previews
- Recorders — View configured capture devices and their status
- Editor — Timeline editor with cross-clip preview and render queue
- Jobs — Proxy and thumbnail queue with retry controls
- Settings — Configure storage, encoder, growing files, and capture SDK
- Dashboard — Operations view showing recent activity, job queue, and cluster health
Core Features
1. Live Ingest & Capture
Multi-protocol source capture with per-recorder codec settings
Dragonflight ingests from multiple sources simultaneously:
- SRT (Secure Reliable Transport) — caller and listener modes
- RTMP — standard streaming protocol
- SDI — via Blackmagic DeckLink cards with FFmpeg SDK 16.x patches
Each recorder can be configured with independent codec settings:
- ProRes (hi-res masters)
- H.264 / H.265 (proxies)
- DNxHR (Avid compatibility)
Audio routing and per-source configuration ensure flexibility for multi-camera productions.
2. Growing-File Editing
Live editing in Premiere Pro while capture is still writing
Editors mount the SMB landing zone directly in Premiere Pro and edit the live master file as it's being written. The included CEP (Custom Extension Panel) provides:
- Real-time clip detection and frame-accurate trimming
- One-click relink to final S3 master after promotion
- No waiting for capture to finish before editorial begins
3. Recorder Scheduler
Time-windowed recording automation
Schedule recordings with:
- One-shot, daily, or weekly recurrence
- Automatic start/stop via 15-second tick loop
- Conflict detection across recorders
- Project and bin assignment at schedule time
4. Library & Asset Management
Browse, search, and organize captured footage
The Library screen provides:
- Project and bin hierarchy
- Asset detail view with frame-anchored persistent comments
- Right-click context menu (move-to-bin, rename, delete)
- Global cmd/ctrl-K search across assets, projects, recorders, jobs, and users
- Hover-scrub preview with HLS playback
5. Jobs Queue
BullMQ-backed proxy and thumbnail generation
Automated background processing:
- Per-job retry logic with exponential backoff
- Bulk "retry all failed" for batch recovery
- Inline error messages with actionable diagnostics
- Status tracking: ingesting → processing → ready
Proxy encoder options:
- CPU-based: libx264 (H.264)
- GPU-accelerated: NVENC (NVIDIA) or VAAPI (AMD/Intel)
6. Timeline Conform & Export
FCP XML export with server-side FFmpeg rendering
The Premiere Pro panel exports FCP XML with:
- Server-side conform via FFmpeg
- Multiple output formats: H.264, H.265, ProRes
- Resolution presets: Broadcast, Web, Archive
- Batch processing with job queue integration
7. Hi-Res Auto-Relink
One-click batch relink of proxy clips to frame-accurate server-trimmed masters
After editing on proxies:
- Select clips in Premiere
- Trigger relink from the CEP panel
- Server trims hi-res segments to exact in/out points
- Concurrent trim worker pool for speed
- 24-hour TTL with automatic cleanup
8. Settings & Configuration
Centralized control for storage, encoding, and capture
Configure:
- S3 Storage — endpoint, bucket, credentials (with env-var fallback)
- Proxy Encoder — CPU vs GPU, bitrate, resolution
- Growing Files — SMB path, retention, auto-promotion
- Capture SDK — Blackmagic, AJA, or Deltacast uploader selection
9. Cluster & Distributed Capture
Primary + worker topology with remote DeckLink nodes
- Primary node runs API, scheduler, and web UI
- Worker nodes handle proxy/thumbnail jobs
- Remote capture nodes run DeckLink cards off-host
- Heartbeat health monitoring
- Automatic failover and recovery
10. Admin & User Management
Role-based access, token auth, and cluster monitoring
- User creation and role assignment
- API token generation for integrations
- Container and cluster node status
- System health dashboard
Quick Start
# Clone (repo renamed; old URL still redirects)
git clone https://forge.wilddragon.net/zgaetano/dragonflight.git
cd dragonflight
# Configure
cp .env.example .env
# Edit .env — S3 credentials + SESSION_SECRET at minimum
# Launch
docker compose up -d
# Open
open http://localhost:47434
Architecture
SDI / SRT / RTMP ──► capture (FFmpeg)
├─ HLS preview tee ──► /live/<assetId>/index.m3u8
└─ master output
├─ growing_enabled=true:
│ /growing/<projectId>/<clip>.mov
│ (Premiere mounts SMB, edits live)
│ └─► promotion worker uploads to S3
│
└─ growing_enabled=false:
multipart stream → S3
assets POST ──► proxy job ──► worker
├─ libx264 (CPU) or NVENC/VAAPI (GPU)
├─ thumbnail job
└─ status: ingesting → processing → ready
Tech Stack
- Runtime: Node.js 22, Docker Compose
- Backend: Express, PostgreSQL 16, Redis 7 + BullMQ
- Frontend: Vanilla React via in-browser Babel (no bundler), hls.js
- Media: FFmpeg 7.1 with SDK 16 DeckLink patches
- Codecs: ProRes, H.264, H.265, DNxHR, MOV/MP4/MXF containers
- Storage: S3-compatible (RustFS) for masters, proxies, thumbnails
Services
| Service | Port | Purpose |
|---|---|---|
| web-ui | 47434 | Browser SPA + capture controls |
| mam-api | 47432 | REST API + recorder orchestration + scheduler |
| capture | 47433 / 9000 / 1935 | DeckLink/SRT/RTMP ingest sidecar |
| worker | — | BullMQ proxy + thumbnail workers |
| db | 5432 | PostgreSQL 16 |
| queue | 6379 | Redis 7 |
Workflow Example: Live-to-Edit
- Operator schedules a recording on Recorder A for 14:00–15:30, assigns to "News/Segment-A" project
- Capture starts at 14:00, writes ProRes master to SMB landing zone
- Editor mounts SMB in Premiere, opens the live .mov file via the CEP panel
- Editor trims and marks in/out points while capture is still writing
- Capture finishes at 15:30, promotion worker uploads master to S3
- Editor clicks "Relink to Master" in CEP panel
- Server trims hi-res segment to exact in/out, stores for 24 hours
- Premiere relinks proxy clips to trimmed master
- Editor exports final timeline via FCP XML conform
Total time from end of capture to relinked master: ~2 minutes.
Operations
deploy/api-smoke.sh— verify every API endpoint after deploydeploy/onboard-node.sh— provision a remote worker hostdeploy/test-cluster.sh— primary↔worker connectivity smoke testdocs/GROWING_FILES_QUICKSTART.md— Premiere CEP panel install + growing-file flow
License
Proprietary — Wild Dragon LLC, all rights reserved.