# FrameFinder Clip Library Setup

The Clip Library UI and API are already wired. To make uploads and downloads live on Cloudflare Pages, add storage bindings and a moderation workflow.

## Cloudflare Resources

1. Create an R2 bucket, for example `framefinder-clips`.
2. Create a D1 database, for example `framefinder_clip_library`.
3. Apply the schema in `migrations/0001_clip_library.sql`.
4. In Cloudflare Pages, bind:
   - `CLIP_BUCKET` to the R2 bucket.
   - `CLIP_DB` to the D1 database.
5. Add secrets or environment variables:
   - `ADMIN_TOKEN`: required to approve or reject clips through the admin API.
   - `CLIP_MAX_UPLOAD_MB`: optional upload size limit. Default is `75`.
   - `CLIP_MODERATION_ENDPOINT`: optional video moderation endpoint for automated NSFW review.
   - `CLIP_MODERATION_TOKEN`: optional bearer token for the moderation endpoint.
   - `CLIP_ALLOW_AUTO_APPROVE`: optional. Set to `true` only if the moderation provider is trusted to approve clips without human review.

## Moderation Model

Uploads are not public by default. The API stores accepted files under a private R2 key, records metadata in D1, and only serves downloads for rows with `status = 'approved'`.

The upload function immediately rejects metadata containing sexual or NSFW terms. For stronger protection, connect `CLIP_MODERATION_ENDPOINT` to a video moderation provider that can inspect the uploaded file and return JSON like:

```json
{
  "status": "pending",
  "safe": true,
  "nsfwScore": 0.02,
  "sexualScore": 0.01,
  "reason": "No unsafe sexual content detected."
}
```

Return `"status": "rejected"` or `"safe": false` to block an upload. Keep `CLIP_ALLOW_AUTO_APPROVE` unset unless you are comfortable publishing clips automatically.

## Admin Review API

Approve a clip:

```bash
curl -X PATCH "https://your-site.pages.dev/api/clips" \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "content-type: application/json" \
  --data "{\"id\":\"clip-id\",\"status\":\"approved\",\"reason\":\"Reviewed and safe.\"}"
```

Reject a clip:

```bash
curl -X PATCH "https://your-site.pages.dev/api/clips" \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "content-type: application/json" \
  --data "{\"id\":\"clip-id\",\"status\":\"rejected\",\"reason\":\"Unsafe or not reusable.\"}"
```

Only approved clips appear in the public library and only approved clips can be downloaded.
