AgentSkillsCN

ghostscript-upload-policy

在上传过程中,严格遵循并验证基于Ghostscript的PDF优化策略。在配置、验证或审计摄取管道时使用,要求仅对超过指定大小阈值的未签名PDF执行优化,并明确设定回退行为,同时保留SQLite审计证据。

SKILL.md
--- frontmatter
name: ghostscript-upload-policy
description: Enforce and verify Ghostscript-based PDF optimization policy during uploads. Use when configuring, validating, or auditing ingestion pipelines where optimization must run only for unsigned PDFs above size threshold, with explicit fallback behavior and SQLite audit evidence.

Ghostscript Upload Policy

Apply this policy in every upload flow:

  1. Detect Ghostscript executable in this order:
    • gs
    • gswin64c
    • gswin32c
  2. Optimize only when both conditions are true:
    • PDF is not digitally signed.
    • PDF size is greater than SIZE_THRESHOLD_BYTES (default: 61440 bytes = 60 KB).
  3. If any condition is false, store the original PDF without optimization.
  4. If Ghostscript is missing or fails, store the original PDF and return clear message.
  5. Persist per-file audit record in SQLite with:
    • source_hostname
    • source_ip_reported
    • source_ip_real
    • was_signed
    • optimized
    • status
    • message

Use these statuses:

  • stored: uploaded without optimization
  • optimized: optimized with Ghostscript
  • skipped: unchanged hash and already present in destination
  • error or conflict: explicit upload failure case

Run deterministic diagnostics from project root:

bash
python .agents/skills/ghostscript-upload-policy/scripts/main.py --db storage/audit.db

Expected successful output:

  • Ghostscript path resolution summary
  • Current threshold
  • optimized_count and total_count from audit DB
  • Last audit rows with IP/hostname/status

Error behavior:

  • Return exit code 1 with explicit error text if DB path is invalid or unreadable.