Ghostscript Upload Policy
Apply this policy in every upload flow:
- •Detect Ghostscript executable in this order:
- •
gs - •
gswin64c - •
gswin32c
- •
- •Optimize only when both conditions are true:
- •PDF is not digitally signed.
- •PDF size is greater than
SIZE_THRESHOLD_BYTES(default: 61440 bytes = 60 KB).
- •If any condition is false, store the original PDF without optimization.
- •If Ghostscript is missing or fails, store the original PDF and return clear message.
- •Persist per-file audit record in SQLite with:
- •
source_hostname - •
source_ip_reported - •
source_ip_real - •
was_signed - •
optimized - •
status - •
message
- •
Use these statuses:
- •
stored: uploaded without optimization - •
optimized: optimized with Ghostscript - •
skipped: unchanged hash and already present in destination - •
errororconflict: explicit upload failure case
Run deterministic diagnostics from project root:
bash
python .agents/skills/ghostscript-upload-policy/scripts/main.py --db storage/audit.db
Expected successful output:
- •Ghostscript path resolution summary
- •Current threshold
- •
optimized_countandtotal_countfrom audit DB - •Last audit rows with IP/hostname/status
Error behavior:
- •Return exit code
1with explicit error text if DB path is invalid or unreadable.