@studiomeyer/mcp-video 1.0.0 → 1.0.1

package/src/lib/url-guard.ts

@@ -0,0 +1,143 @@
+/**
+ * URL safety guard for any tool that fetches/navigates user-supplied URLs.
+ *
+ * Blocks four classes of SSRF abuse that an AI assistant can stumble into
+ * when the server is asked to open arbitrary URLs:
+ *   1. Non-http(s) schemes (file://, ftp://, gopher://, data: etc.)
+ *   2. Loopback + link-local + RFC1918 + cloud metadata endpoints
+ *   3. IPv6-mapped IPv4 (::ffff:127.0.0.1) that slips past IPv4 regex
+ *   4. DNS-rebinding — hostnames that resolve to internal IPs
+ *
+ * Three entry points:
+ *   • guardUrl(raw)            sync — scheme + literal-host check
+ *   • resolveAndGuardUrl(raw)  async — adds DNS.lookup(family:0) on the host
+ *   • guardFinalUrl(raw)       sync — post-redirect check, reuses guardUrl
+ *
+ * Opt-in escape hatch for local dev: set MCP_VIDEO_ALLOW_INTERNAL=1.
+ */
+
+import { lookup } from 'node:dns/promises';
+
+export type UrlGuardResult = { ok: true; url: string } | { ok: false; reason: string };
+
+const ALLOWED_SCHEMES = new Set(['https:', 'http:']);
+
+const BLOCKED_HOST_PATTERNS: RegExp[] = [
+  /^localhost$/i,
+  /^(?:127|10)\./,
+  /^192\.168\./,
+  /^172\.(?:1[6-9]|2\d|3[0-1])\./,
+  /^169\.254\./, // link-local + AWS/GCP/Azure metadata (169.254.169.254)
+  /^0\./,
+  /^::1$/,
+  // IPv6 unique-local is fc00::/7 — that covers fc00..fdff.
+  /^f[cd][0-9a-f]{2}:/i,
+  /^fe80:/i, // IPv6 link-local
+];
+
+// IPv4 dotted-quad literal (captures the form the OS + URL parser canonicalize to).
+const IPV4_LITERAL = /^\d{1,3}(?:\.\d{1,3}){3}$/;
+
+// IPv6-mapped IPv4 in dotted form: ::ffff:127.0.0.1
+const IPV6_MAPPED_IPV4_DOTTED = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i;
+// IPv6-mapped IPv4 in compact hex form: ::ffff:7f00:1
+const IPV6_MAPPED_IPV4_HEX = /^::ffff:[0-9a-f]{1,4}:[0-9a-f]{1,4}$/i;
+// IPv6-mapped IPv4 in fully uncompressed form: 0:0:0:0:0:ffff:7f00:1
+const IPV6_MAPPED_IPV4_FULL = /^0:0:0:0:0:ffff:[0-9a-f]{1,4}:[0-9a-f]{1,4}$/i;
+
+function normalizeHost(hostname: string): string {
+  // URL parser strips brackets from IPv6 hostnames already; be defensive
+  // in case a caller passes the raw host string.
+  const unbracketed = hostname.replace(/^\[/, '').replace(/\]$/, '');
+  const mapped = unbracketed.match(IPV6_MAPPED_IPV4_DOTTED);
+  if (mapped) return mapped[1]; // re-check dotted form against IPv4 patterns
+  return unbracketed;
+}
+
+function isMappedIpv4(host: string): boolean {
+  return (
+    IPV6_MAPPED_IPV4_DOTTED.test(host) ||
+    IPV6_MAPPED_IPV4_HEX.test(host) ||
+    IPV6_MAPPED_IPV4_FULL.test(host)
+  );
+}
+
+function isBlockedHost(hostname: string): string | null {
+  const normalized = normalizeHost(hostname);
+  if (isMappedIpv4(normalized)) {
+    return `host ${hostname} is IPv6-mapped IPv4 — blocked`;
+  }
+  for (const pat of BLOCKED_HOST_PATTERNS) {
+    if (pat.test(normalized)) {
+      return `host ${hostname} is private or loopback — set MCP_VIDEO_ALLOW_INTERNAL=1 to override`;
+    }
+  }
+  return null;
+}
+
+export function guardUrl(raw: unknown): UrlGuardResult {
+  if (typeof raw !== 'string' || raw.length === 0) {
+    return { ok: false, reason: 'url must be a non-empty string' };
+  }
+  let parsed: URL;
+  try {
+    parsed = new URL(raw);
+  } catch {
+    return { ok: false, reason: 'url is not a valid URL' };
+  }
+  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
+    return { ok: false, reason: `scheme ${parsed.protocol} is not allowed — use http(s)` };
+  }
+  if (process.env.MCP_VIDEO_ALLOW_INTERNAL === '1') {
+    return { ok: true, url: parsed.toString() };
+  }
+  const blocked = isBlockedHost(parsed.hostname);
+  if (blocked) return { ok: false, reason: blocked };
+  return { ok: true, url: parsed.toString() };
+}
+
+/**
+ * Async variant that also resolves the hostname via DNS and checks every
+ * returned IP against the block list. Catches the simple rebind case where
+ * a public hostname resolves to a loopback or RFC1918 address.
+ *
+ * NOTE: This does not eliminate TOCTOU windows — the browser/ffmpeg will
+ * resolve again at request time. But it blocks the trivial path and forces
+ * an attacker to rely on narrow TTL-based flipping.
+ */
+export async function resolveAndGuardUrl(raw: unknown): Promise<UrlGuardResult> {
+  const first = guardUrl(raw);
+  if (!first.ok) return first;
+  if (process.env.MCP_VIDEO_ALLOW_INTERNAL === '1') return first;
+  const parsed = new URL(first.url);
+  const host = parsed.hostname.replace(/^\[/, '').replace(/\]$/, '');
+
+  // Literal IPv4/IPv6 — guardUrl already checked, nothing to resolve.
+  if (IPV4_LITERAL.test(host) || host.includes(':')) return first;
+
+  try {
+    const addresses = await lookup(host, { all: true, family: 0 });
+    for (const addr of addresses) {
+      const blocked = isBlockedHost(addr.address);
+      if (blocked) {
+        return {
+          ok: false,
+          reason: `host ${host} resolves to private address ${addr.address} — blocked`,
+        };
+      }
+    }
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, reason: `DNS lookup failed for ${host}: ${msg}` };
+  }
+  return first;
+}
+
+/**
+ * Post-navigation check: after `page.goto()` the browser may have followed
+ * redirects to an internal host. Pass `page.url()` through this to confirm
+ * the final URL is still guard-clean.
+ */
+export function guardFinalUrl(raw: unknown): UrlGuardResult {
+  return guardUrl(raw);
+}

package/src/server.ts

@@ -254,15 +254,20 @@ You have 8 tools for video production. Each has a \`type\` parameter to select t
 
 // ─── Startup Validation ──────────────────────────────────
 
-import { execSync } from 'child_process';
 import * as fs from 'fs';
+import { assertFfmpegBinAvailable } from './lib/ffmpeg-bin.js';
 
 function checkDependencies(): void {
-  for (const bin of ['ffmpeg', 'ffprobe']) {
+  // Cross-platform binary check (issue #11): the previous version called
+  // `which ffmpeg`, which is Unix-only and silently failed on Windows even
+  // when ffmpeg was on PATH. assertFfmpegBinAvailable invokes `<bin> -version`
+  // directly via execFile (no shell), honours FFMPEG_PATH / FFPROBE_PATH env
+  // overrides, and works on Linux, macOS, and Windows.
+  for (const bin of ['ffmpeg', 'ffprobe'] as const) {
     try {
-      execSync(`which ${bin}`, { stdio: 'pipe' });
-    } catch {
-      logger.error(`${bin} not found. Install ffmpeg: https://ffmpeg.org/download.html`);
+      assertFfmpegBinAvailable(bin);
+    } catch (err) {
+      logger.error(err instanceof Error ? err.message : String(err));
       process.exit(1);
     }
   }

package/src/tools/engine/audio-mixer.ts

@@ -6,10 +6,10 @@
  * Per-track: volume, fade in/out.
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe, runFfprobe as runFfprobeSafe } from '../../lib/ffmpeg-run.js';
 
 // ─── Types ──────────────────────────────────────────────────────────
 
@@ -51,16 +51,7 @@ export interface AudioMixResult {
 // ─── Helpers ────────────────────────────────────────────────────────
 
 function runFfmpeg(args: string[], timeoutMs = 300_000): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 100 * 1024 * 1024, timeout: timeoutMs }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 100 * 1024 * 1024, timeoutMs, label: 'audio-mixer' });
 }
 
 function ensureDir(filePath: string): void {
@@ -78,16 +69,12 @@ function fileInfo(filePath: string): string {
 }
 
 function getMediaDuration(filePath: string): Promise<number> {
-  return new Promise((resolve, reject) => {
-    execFile(
-      'ffprobe',
-      ['-v', 'quiet', '-show_entries', 'format=duration', '-of', 'csv=p=0', filePath],
-      (error, stdout) => {
-        if (error) { reject(new Error(`ffprobe failed: ${error.message}`)); return; }
-        const dur = parseFloat(stdout.trim());
-        resolve(isNaN(dur) ? 0 : dur);
-      }
-    );
+  return runFfprobeSafe(
+    ['-v', 'quiet', '-show_entries', 'format=duration', '-of', 'csv=p=0', filePath],
+    { maxBuffer: 10 * 1024 * 1024, label: 'audio-mixer-probe' },
+  ).then((s) => {
+    const dur = parseFloat(s.trim());
+    return isNaN(dur) ? 0 : dur;
   });
 }
 

package/src/tools/engine/audio.ts

@@ -3,24 +3,18 @@
  * All processing via ffmpeg + ffprobe (no npm dependencies)
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe, runFfprobe as runFfprobeSafe } from '../../lib/ffmpeg-run.js';
 
 // ─── ffprobe helper ─────────────────────────────────────────────────
 
 export function getMediaDuration(filePath: string): Promise<number> {
-  return new Promise((resolve, reject) => {
-    execFile(
-      'ffprobe',
-      ['-v', 'quiet', '-show_entries', 'format=duration', '-of', 'csv=p=0', filePath],
-      (error, stdout) => {
-        if (error) reject(new Error(`ffprobe failed: ${error.message}`));
-        else resolve(parseFloat(stdout.trim()) || 0);
-      }
-    );
-  });
+  return runFfprobeSafe(
+    ['-v', 'quiet', '-show_entries', 'format=duration', '-of', 'csv=p=0', filePath],
+    { maxBuffer: 10 * 1024 * 1024, label: 'audio-probe' },
+  ).then((s) => parseFloat(s.trim()) || 0);
 }
 
 // ─── Background Music ───────────────────────────────────────────────
@@ -102,14 +96,5 @@ export async function addBackgroundMusic(config: AddMusicConfig): Promise<string
 // ─── ffmpeg runner ──────────────────────────────────────────────────
 
 function runFfmpeg(args: string[]): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 50 * 1024 * 1024 }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 50 * 1024 * 1024, label: 'audio' });
 }

package/src/tools/engine/beat-sync.ts

@@ -7,10 +7,10 @@
  * Flow: Analyze audio → find beat positions → cut clips to beats → concatenate
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe, runFfprobe as runFfprobeSafe } from '../../lib/ffmpeg-run.js';
 
 // ─── Types ──────────────────────────────────────────────────────────
 
@@ -41,29 +41,12 @@ export interface BeatSyncResult {
 // ─── Helpers ────────────────────────────────────────────────────────
 
 function runFfmpeg(args: string[], timeoutMs = 600_000): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 100 * 1024 * 1024, timeout: timeoutMs }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stderr); // ffmpeg outputs filter info to stderr
-    });
-  });
+  // ffmpeg outputs filter info to stderr for beat detection; request stderr.
+  return runFfmpegSafe(args, { maxBuffer: 100 * 1024 * 1024, timeoutMs, label: 'beat-sync' }, 'stderr');
 }
 
 function runFfmpegStdout(args: string[], timeoutMs = 300_000): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 100 * 1024 * 1024, timeout: timeoutMs }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 100 * 1024 * 1024, timeoutMs, label: 'beat-sync-stdout' });
 }
 
 function ensureDir(filePath: string): void {
@@ -81,16 +64,12 @@ function fileInfo(filePath: string): string {
 }
 
 function getMediaDuration(filePath: string): Promise<number> {
-  return new Promise((resolve, reject) => {
-    execFile(
-      'ffprobe',
-      ['-v', 'quiet', '-show_entries', 'format=duration', '-of', 'csv=p=0', filePath],
-      (error, stdout) => {
-        if (error) { reject(new Error(`ffprobe failed: ${error.message}`)); return; }
-        const dur = parseFloat(stdout.trim());
-        resolve(isNaN(dur) ? 0 : dur);
-      }
-    );
+  return runFfprobeSafe(
+    ['-v', 'quiet', '-show_entries', 'format=duration', '-of', 'csv=p=0', filePath],
+    { maxBuffer: 10 * 1024 * 1024, label: 'beat-sync-probe' },
+  ).then((s) => {
+    const dur = parseFloat(s.trim());
+    return isNaN(dur) ? 0 : dur;
   });
 }
 

package/src/tools/engine/capture.ts

@@ -12,6 +12,7 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
 import { logger } from '../../lib/logger.js';
+import { guardFinalUrl } from '../../lib/url-guard.js';
 import type { RecordingConfig, RecordingResult, ViewportConfig, Scene } from './types.js';
 import { VIEWPORTS } from './types.js';
 import { injectCursor, hideCursor } from './cursor.js';
@@ -93,6 +94,13 @@ export async function recordWebsite(config: RecordingConfig): Promise<RecordingR
       await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 });
     });
 
+    // Post-redirect guard: browser may have followed 302/301 to an internal host.
+    const finalUrl = page.url();
+    const finalGuard = guardFinalUrl(finalUrl);
+    if (!finalGuard.ok) {
+      throw new Error(`post-redirect check failed — final URL rejected: ${finalGuard.reason}`);
+    }
+
     // Wait for content to render
     await page.waitForTimeout(2000);
 

package/src/tools/engine/chroma-key.ts

@@ -8,10 +8,10 @@
  * - Composite onto replacement background (video, image, or solid color)
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe } from '../../lib/ffmpeg-run.js';
 
 // ─── Types ──────────────────────────────────────────────────────────
 
@@ -36,16 +36,7 @@ export interface ChromaKeyConfig {
 // ─── Helpers ────────────────────────────────────────────────────────
 
 function runFfmpeg(args: string[], timeoutMs = 300_000): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 100 * 1024 * 1024, timeout: timeoutMs }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 100 * 1024 * 1024, timeoutMs, label: 'chroma-key' });
 }
 
 function ensureDir(filePath: string): void {

package/src/tools/engine/concat.ts

@@ -2,10 +2,10 @@
  * Video concatenation engine — merge multiple clips with cinematic transitions
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe } from '../../lib/ffmpeg-run.js';
 import { getMediaDuration } from './audio.js';
 
 // ─── Available Transitions ──────────────────────────────────────────
@@ -229,14 +229,5 @@ async function findFont(): Promise<string> {
 }
 
 function runFfmpeg(args: string[]): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 50 * 1024 * 1024 }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 50 * 1024 * 1024, label: 'concat' });
 }

package/src/tools/engine/editing.ts

@@ -5,25 +5,16 @@
  * All processing via ffmpeg (no npm dependencies).
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe, runFfprobe as runFfprobeSafe } from '../../lib/ffmpeg-run.js';
 import { getMediaDuration } from './audio.js';
 
 // ─── Shared ffmpeg runner ────────────────────────────────────────────
 
 function runFfmpeg(args: string[], timeoutMs = 300_000): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 100 * 1024 * 1024, timeout: timeoutMs }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 100 * 1024 * 1024, timeoutMs, label: 'editing' });
 }
 
 function ensureDir(filePath: string): void {
@@ -37,16 +28,10 @@ function assertExists(filePath: string, label = 'File'): void {
 
 /** Check if a media file has an audio stream */
 function hasAudioStream(filePath: string): Promise<boolean> {
-  return new Promise((resolve) => {
-    execFile(
-      'ffprobe',
-      ['-v', 'quiet', '-select_streams', 'a', '-show_entries', 'stream=codec_type', '-of', 'csv=p=0', filePath],
-      (error, stdout) => {
-        if (error) { resolve(false); return; }
-        resolve(stdout.trim().length > 0);
-      }
-    );
-  });
+  return runFfprobeSafe(
+    ['-v', 'quiet', '-select_streams', 'a', '-show_entries', 'stream=codec_type', '-of', 'csv=p=0', filePath],
+    { maxBuffer: 10 * 1024 * 1024, label: 'editing-probe-audio' },
+  ).then((s) => s.trim().length > 0).catch(() => false);
 }
 
 function fileInfo(filePath: string): string {
@@ -660,19 +645,17 @@ function buildInterpolationExpr(keyframes: Keyframe[], prop: 'scale' | 'panX' |
 }
 
 async function getVideoResolution(filePath: string): Promise<{ width: number; height: number }> {
-  return new Promise((resolve, reject) => {
-    execFile(
-      'ffprobe',
-      ['-v', 'quiet', '-select_streams', 'v:0', '-show_entries', 'stream=width,height', '-of', 'json', filePath],
-      (error, stdout) => {
-        if (error) { reject(new Error(`ffprobe failed: ${error.message}`)); return; }
-        try {
-          const data = JSON.parse(stdout);
-          const stream = data.streams?.[0];
-          resolve({ width: stream?.width ?? 1920, height: stream?.height ?? 1080 });
-        } catch { resolve({ width: 1920, height: 1080 }); }
-      }
-    );
+  return runFfprobeSafe(
+    ['-v', 'quiet', '-select_streams', 'v:0', '-show_entries', 'stream=width,height', '-of', 'json', filePath],
+    { maxBuffer: 10 * 1024 * 1024, label: 'editing-probe-resolution' },
+  ).then((stdout) => {
+    try {
+      const data = JSON.parse(stdout);
+      const stream = data.streams?.[0];
+      return { width: stream?.width ?? 1920, height: stream?.height ?? 1080 };
+    } catch {
+      return { width: 1920, height: 1080 };
+    }
   });
 }
 

package/src/tools/engine/encoder.ts

@@ -2,10 +2,10 @@
  * ffmpeg encoding pipeline — stitches PNG frames into cinema-grade video
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe } from '../../lib/ffmpeg-run.js';
 import type { EncodingConfig, VideoCodec, VideoFormat } from './types.js';
 
 interface EncodeResult {
@@ -180,17 +180,7 @@ export async function concatenateWithTransition(
  * Run ffmpeg command and return a promise
  */
 function runFfmpeg(args: string[]): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 50 * 1024 * 1024 }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      logger.debug(`ffmpeg output: ${stderr.slice(-200)}`);
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 50 * 1024 * 1024, label: 'encoder' });
 }
 
 /**

package/src/tools/engine/lut-presets.ts

@@ -6,10 +6,10 @@
  * Intensity parameter (0.0-1.0) blends graded output with the original.
  */
 
-import { execFile } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
 import { logger } from '../../lib/logger.js';
+import { runFfmpeg as runFfmpegSafe } from '../../lib/ffmpeg-run.js';
 
 // ─── Types ──────────────────────────────────────────────────────────
 
@@ -147,16 +147,7 @@ export const ALL_LUT_PRESETS = Object.keys(PRESET_FILTERS) as LutPreset[];
 // ─── Helpers ────────────────────────────────────────────────────────
 
 function runFfmpeg(args: string[], timeoutMs = 300_000): Promise<string> {
-  return new Promise((resolve, reject) => {
-    execFile('ffmpeg', args, { maxBuffer: 100 * 1024 * 1024, timeout: timeoutMs }, (error, stdout, stderr) => {
-      if (error) {
-        logger.error(`ffmpeg failed: ${stderr}`);
-        reject(new Error(`ffmpeg failed: ${stderr || error.message}`));
-        return;
-      }
-      resolve(stdout);
-    });
-  });
+  return runFfmpegSafe(args, { maxBuffer: 100 * 1024 * 1024, timeoutMs, label: 'lut-presets' });
 }
 
 function ensureDir(filePath: string): void {