feat!: Modernize codebase & fix V2 user issues

.github/CODEOWNERS

@@ -0,0 +1,8 @@
+# Default owner
+* @BKDDFS
+
+# Critical paths
+perfectframe/ @BKDDFS
+tests/ @BKDDFS
+.github/ @BKDDFS
+Dockerfile @BKDDFS

.github/CONTRIBUTING.md

@@ -9,12 +9,12 @@ in addressing your issue, assessing changes, and helping you finalize your pull
 > I am still learning how to be an effective maintainer for our project. I am committed to improving, so please feel free to share any feedback or suggestions you might have. Thank you!
 
 PerfectFrameAI is an open source project and we love to receive contributions from our community — you!
-There are many ways to contribute, from writing tutorials or blog posts, improving the documentation, 
+There are many ways to contribute, from writing tutorials or blog posts, improving the documentation,
 submitting bug reports and feature requests or writing code which can be incorporated into PerfectFrameAI itself.
 
 ## Code of Conduct
 This project and everyone participating in it is governed by this [Code of Conduct](https://github.com/BKDDFS/PerfectFrameAI/blob/main/.github/CODE_OF_CONDUCT.md).
-By participating, you are expected to uphold this code. 
+By participating, you are expected to uphold this code.
 
 ## I don't want to read this whole thing I just have a question
 Please use discussion tab for this.
@@ -26,7 +26,7 @@ Before **creating** an Issue for `features`/`bugs`/`improvements` please follow
 Be sure to include a **title and clear description**, as much relevant information as possible.
 Please select the correct Issue type, for example `bug` or `feature`.
 1. all Issues are automatically given the label `status: waiting for triage`
-1. if you wish to work on the Issue once it has been triaged and label changed to `status: ready for dev`, 
+1. if you wish to work on the Issue once it has been triaged and label changed to `status: ready for dev`,
 please include this in your Issue description
 
 ## Working on an Issue

.github/SECURITY.md

@@ -8,7 +8,7 @@ Email: Send an email to Bartekdawidflis@gmail.com with the subject line "Securit
 * Detailed steps to reproduce the issue.
 * Any relevant logs or screenshots.
 * Your recommendations for mitigating the issue, if applicable.
-  
+
 ### Credit:
 If you wish, we will credit you for the discovery of the vulnerability in our release notes or security advisories.
 

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "uv"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/release.yml

@@ -0,0 +1,12 @@
+changelog:
+  categories:
+    - title: "⚠️ Breaking Changes"
+      labels: [breaking-change]
+    - title: "🚀 Features"
+      labels: [enhancement]
+    - title: "🐛 Bug Fixes"
+      labels: [bug]
+    - title: "📖 Documentation"
+      labels: [documentation]
+    - title: "🔧 Maintenance"
+      labels: [chore, dependencies]

.github/workflows/codeql.yml

@@ -0,0 +1,23 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main, dev]
+  schedule:
+    - cron: '0 6 * * 1'
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: python
+      - uses: github/codeql-action/analyze@v3

.github/workflows/pr-title.yml

@@ -0,0 +1,13 @@
+name: PR Title
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v6
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,49 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
+    steps:
+      - uses: googleapis/release-please-action@v4
+        id: release
+        with:
+          release-type: python
+
+  sbom:
+    needs: release-please
+    if: ${{ needs.release-please.outputs.release_created }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+      attestations: write
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Generate SBOM
+        uses: anchore/sbom-action@v0
+        with:
+          format: spdx-json
+          output-file: perfectframeai-${{ needs.release-please.outputs.tag_name }}.spdx.json
+
+      - name: Attest SBOM
+        uses: actions/attest-sbom@v3
+        with:
+          subject-path: perfectframeai-${{ needs.release-please.outputs.tag_name }}.spdx.json
+          sbom-path: perfectframeai-${{ needs.release-please.outputs.tag_name }}.spdx.json
+
+      - name: Upload SBOM to release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ needs.release-please.outputs.tag_name }}
+          files: perfectframeai-${{ needs.release-please.outputs.tag_name }}.spdx.json

.github/workflows/run_tests.yml

@@ -2,56 +2,58 @@ name: CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [main, dev]
   pull_request:
-    branches: [ "main" ]
-
-permissions:
-  contents: read
+    branches: [main, dev]
 
 jobs:
-  build:
+  pre-commit:
     runs-on: ubuntu-latest
-
-    services:
-      docker:
-        image: docker:26.1.3
-        options: --privileged
-        ports:
-          - 2375:2375
-        env:
-          DOCKER_TLS_CERTDIR: ""
-
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4.1.6
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.3.0
-
-      - name: Set up Python
-        uses: actions/setup-python@v5.1.0
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
         with:
-          python-version: 3.11
-
-      - name: Install Poetry
-        run: |
-          curl -sSL https://install.python-poetry.org | python3 -
-          echo "export PATH=\"$HOME/.local/bin:$PATH\"" >> $GITHUB_ENV
-
-      - name: Install dependencies
-        run: |
-          poetry install
-
-      - name: Run tests with coverage
+          python-version: '3.13'
+      - uses: pre-commit/action@v3.0.1
         env:
-          DOCKER_HOST: tcp://localhost:2375
-        run: |
-          poetry run pytest --cov --cov-report=xml
+          SKIP: pytest
 
+  test:
+    needs: pre-commit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: astral-sh/setup-uv@v7
+      - name: Run tests with coverage
+        run: uv run --group test pytest --cov=perfectframe --cov-report=xml --cov-fail-under=100
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3.1.1
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./coverage.xml
           fail_ci_if_error: true
+
+  test-docker:
+    needs: pre-commit
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@v6
+      - uses: astral-sh/setup-uv@v7
+      - name: Build Docker image
+        run: docker compose build
+      - name: Run Docker E2E tests
+        run: uv run --group test pytest tests/e2e/docker_*.py -v --timeout=600
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          image-ref: 'perfectframeai-perfectframe:latest'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/scorecard.yml

@@ -0,0 +1,36 @@
+name: OpenSSF Scorecard
+
+on:
+  push:
+    branches: [main]
+  schedule:
+    - cron: '0 6 * * 1'  # Weekly on Monday at 6 AM (aligned with CodeQL)
+  workflow_dispatch:  # Allow manual triggers
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write  # Upload SARIF results
+      id-token: write  # Publish results and enable OIDC
+      contents: read
+      actions: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Run Scorecard analysis
+        uses: ossf/scorecard-action@v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.gitignore

@@ -1,15 +1,37 @@
+# Byte-compiled / optimized / DLL files
 __pycache__/
+
+# Cache directories
 .pytest_cache/
+.ruff_cache/
+
+# Virtual environment
 .venv
+
+# IDE specific files
 .idea/
+
+# macOS
+.DS_Store
+
+# Coverage reports
 .coverage
 htmlcov/
+
+# Environment variables file
 .env
+
+# Input and output directories
 input_directory/*
 output_directory/*
 !input_directory/.gitkeep
 !output_directory/.gitkeep
-nima.h5
+
+# Model files
+*.onnx
+*.h5
+
+# Test files
 tests/test_files/best_frames/*
 tests/test_files/top_images/*
 !tests/test_files/best_frames/.gitkeep

.pre-commit-config.yaml

@@ -0,0 +1,55 @@
+# .pre-commit-config.yaml
+default_install_hook_types: [pre-commit]
+default_stages: [pre-commit]
+
+repos:
+    # FORMATTERS
+    - repo: https://github.com/pre-commit/pre-commit-hooks
+      rev: v5.0.0
+      hooks:
+          - id: trailing-whitespace
+          - id: end-of-file-fixer
+          - id: check-yaml
+          - id: check-toml
+          - id: check-added-large-files
+            args: ['--maxkb=1000']  # Block files > 1MB
+          - id: debug-statements
+          - id: check-merge-conflict
+
+    - repo: https://github.com/astral-sh/ruff-pre-commit
+      rev: v0.14.14
+      hooks:
+        - id: ruff-format
+        - id: ruff
+          args: ["--fix"]
+
+    - repo: https://github.com/allganize/ty-pre-commit
+      rev: v0.0.13
+      hooks:
+        - id: ty-check
+          exclude: ^(tests|perfectframe)/
+
+    - repo: https://github.com/PyCQA/docformatter
+      rev: 06907d0
+      hooks:
+          - id: docformatter
+            args: ["--in-place", "--wrap-summaries", "100", "--wrap-descriptions", "100"]
+            files: perfectframe/
+
+    - repo: https://github.com/Yelp/detect-secrets
+      rev: v1.5.0
+      hooks:
+        - id: detect-secrets
+          args: ['--baseline', '.secrets.baseline']
+          exclude: 'tests/'
+
+    # LOCAL HOOKS
+    - repo: local
+      hooks:
+        - id: pytest
+          name: pytest-units
+          entry: uv run pytest tests/unit -v --cov=perfectframe --cov-fail-under=100
+          language: system
+          pass_filenames: false
+          files: (perfectframe|tests)/
+          stages: [pre-commit]