| name | ghostscript-upload-policy |
| description | Enforce and verify Ghostscript-based PDF optimization policy during uploads. Use when configuring, validating, or auditing ingestion pipelines where optimization must run only for unsigned PDFs above size threshold, with explicit fallback behavior and SQLite audit evidence. |
Ghostscript Upload Policy
Apply this policy in every upload flow:
- Detect Ghostscript executable in this order:
- Optimize only when both conditions are true:
- PDF is not digitally signed.
- PDF size is greater than
SIZE_THRESHOLD_BYTES (default: 61440 bytes = 60 KB).
- If any condition is false, store the original PDF without optimization.
- If Ghostscript is missing or fails, store the original PDF and return clear message.
- Persist per-file audit record in SQLite with:
source_hostname
source_ip_reported
source_ip_real
was_signed
optimized
status
message
Use these statuses:
stored: uploaded without optimization
optimized: optimized with Ghostscript
skipped: unchanged hash and already present in destination
error or conflict: explicit upload failure case
Run deterministic diagnostics from project root:
python .agents/skills/ghostscript-upload-policy/scripts/main.py --db storage/audit.db
Expected successful output:
- Ghostscript path resolution summary
- Current threshold
optimized_count and total_count from audit DB
- Last audit rows with IP/hostname/status
Error behavior:
- Return exit code
1 with explicit error text if DB path is invalid or unreadable.