jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
A PDF text extraction library that gets the hard parts right.
154 commits 1 branch 0 tags 7.5 GiB
Rust 83.6%
Python 5.2%
Swift 2.9%
PHP 1.6%
C 1.5%
Other 5%
Find a file
jedarden 7833d8c514 feat(pdftract-1rami): implement MCP tool catalog with 10 tools 
Implement the MCP tool catalog for pdftract with all 10 tools wired to
the extraction surface via the MCP protocol. The tool registry provides
typed argument schemas (JSON Schema via schemars), structured error
mapping (Rust errors → JSON-RPC error codes), and per-invocation
observability logging.

- Tool registry with Tool trait and 10 tool implementations
- JSON Schema input schemas for all tools (draft-07 compliant)
- Error code mapping: -32000 NOT_YET_IMPLEMENTED, -32001 PDF_ENCRYPTED,
  -32002 IO_ERROR, -32003 PATH_INVALID
- Observability logging: structured stderr log line per tools/call
- Integration tests: 10/11 pass (1 ignored for encrypted fixture)
- Registry unit tests: 23/23 pass

Tools implemented:
- extract, extract_text, extract_markdown (stubs pending Phase 6)
- search (stub pending Phase 6)
- get_metadata, hash (fully implemented, fast paths)
- get_table, get_form_fields, get_attachments, classify (stubs return
  NOT_YET_IMPLEMENTED per spec)

Acceptance criteria: 8/8 PASS (2 WARN for Phase 6 stubs)

Refs: pdftract-1rami
Co-Authored-By: Claude Code <noreply@anthropic.com>
2026-05-23 02:12:41 -04:00
.cargo feat(pdftract-33v): implement property tests and nightly fuzz job 2026-05-22 23:13:13 -04:00
.ci/argo-workflows feat(pdftract-1wfp): implement SHA256SUMS aggregate file generation 2026-05-22 23:57:49 -04:00
.git-hooks fix(pdftract-5z5d8): add pre-commit hook for provenance validation 2026-05-17 23:50:28 -04:00
.github/ISSUE_TEMPLATE docs(pdftract-58kz): add security policy documentation 2026-05-20 19:39:24 -04:00
benches fix(pdftract-60h): fix bugs in benchmark runner script 2026-05-18 01:29:41 -04:00
crates feat(pdftract-1rami): implement MCP tool catalog with 10 tools 2026-05-23 02:12:41 -04:00
docs docs(plan): SDKs are monorepo members, not separate repos 2026-05-22 07:21:45 -04:00
fuzz fix(pdftract-2a6rk): fix xref.rs u64 literal overflow in proptest 2026-05-22 17:26:27 -04:00
notes feat(pdftract-1rami): implement MCP tool catalog with 10 tools 2026-05-23 02:12:41 -04:00
pdftract-dotnet feat(pdftract-1w22d): implement .NET SDK subprocess wrapper 2026-05-22 19:50:57 -04:00
pdftract-go fix(pdftract-2pyln): add source parameter to invoke methods for BytesSource cleanup 2026-05-20 19:08:14 -04:00
pdftract-java feat(sdks): vendor dotnet/java/node SDKs into the monorepo 2026-05-22 07:20:19 -04:00
pdftract-node feat(sdks): vendor dotnet/java/node SDKs into the monorepo 2026-05-22 07:20:19 -04:00
profiles/builtin docs(pdftract-4iier): complete per-profile README documentation 2026-05-18 00:35:35 -04:00
proptest-regressions feat(pdftract-33v): implement property tests and nightly fuzz job 2026-05-22 23:13:13 -04:00
scripts feat(pdftract-59zz): implement MCP bearer token ingress channels and TH-03 enforcement 2026-05-18 02:47:54 -04:00
src feat(pdftract-2bsfc): implement document catalog parser with PageLabels number tree 2026-05-17 23:45:45 -04:00
templates/sdk-skeleton docs(pdftract-49f8): establish Cargo.lock policy and documentation 2026-05-20 18:13:14 -04:00
tests feat(pdftract-3uu6v): implement LZWDecode with /EarlyChange parameter 2026-05-22 22:38:31 -04:00
tools feat(pdftract-4b0z): implement publish-if-tag step for GitHub Releases 2026-05-20 19:06:16 -04:00
xtask docs(pdftract-4iier): complete per-profile README documentation 2026-05-18 00:19:44 -04:00
.gitignore feat(pdftract-33v): implement property tests and nightly fuzz job 2026-05-22 23:13:13 -04:00
.needle-predispatch-sha feat(pdftract-g0ro2): implement MCP HTTP+SSE transport with integration tests 2026-05-23 00:35:14 -04:00
.nextest.toml feat(pdftract-33v): implement property tests and nightly fuzz job 2026-05-22 23:13:13 -04:00
.renovaterc.json docs(pdftract-49f8): finalize Cargo.lock policy with weekly Renovate schedule 2026-05-20 18:22:03 -04:00
Cargo.lock feat(pdftract-g0ro2): implement MCP HTTP+SSE transport with integration tests 2026-05-23 00:35:14 -04:00
Cargo.toml feat(pdftract-3uu6v): implement LZWDecode with /EarlyChange parameter 2026-05-22 22:38:31 -04:00
CHANGELOG.md feat(pdftract-2w02): implement MSRV gate with CI check 2026-05-20 19:03:53 -04:00
CLAUDE.md chore: update push remote to forgejo 2026-05-19 19:59:18 -04:00
clippy.toml feat(pdftract-2w02): pin MSRV to 1.78 with CI gate 2026-05-20 19:03:53 -04:00
CONTRIBUTING.md docs(pdftract-58kz): add security policy documentation 2026-05-20 19:39:24 -04:00
Dockerfile feat(pdftract-68pe): add Dockerfile with FEATURES build-arg support 2026-05-20 19:17:49 -04:00
mod feat(pdftract-2bsfc): implement document catalog parser with PageLabels number tree 2026-05-17 23:45:45 -04:00
pdftract-test-merged.cdx.json feat(pdftract-67tm8): implement MCP stdio transport with integration tests 2026-05-23 00:16:42 -04:00
README.md docs(pdftract-58kz): add security policy documentation 2026-05-20 19:39:24 -04:00
SECURITY.md docs(pdftract-58kz): add security policy documentation 2026-05-20 19:39:24 -04:00
test_flate.rs docs(pdftract-49f8): establish Cargo.lock policy and documentation 2026-05-20 18:13:14 -04:00

README.md

pdftract

MSRV

A PDF text extraction library that gets the hard parts right.

What it does

  • Correct reading order — layout regions are segmented and sequenced before text is emitted, handling multi-column pages, sidebars, footnotes, and mixed-layout documents without relying on PDF operator order
  • Font encoding recovery — when ToUnicode CMaps are absent, wrong, or incomplete, pdftract works through a layered recovery pipeline: glyph name lookup via the Adobe Glyph List, font fingerprinting against known metrics and embedded checksums, and glyph outline shape matching
  • Structure tree extraction — PDF/UA and PDF/A documents encode their logical structure (headings, paragraphs, lists, tables, reading order) in a StructTree; pdftract reads this directly when present, producing accurate semantic output at no extra cost
  • Per-page hybrid routing — each page is independently classified and routed to the appropriate pipeline: vector text extraction, full OCR, or assisted OCR where vector hints improve raster accuracy
  • Structured output with provenance — the primary output is JSON carrying per-span bounding boxes, font name, size, and confidence score alongside the extracted text, not a flat string dump

Output

{
  "pages": [
    {
      "page": 1,
      "blocks": [
        { "kind": "heading", "text": "Introduction", "bbox": [72, 680, 400, 700] },
        { "kind": "paragraph", "text": "...", "bbox": [72, 640, 540, 670] }
      ],
      "spans": [
        { "text": "Introduction", "bbox": [72, 680, 400, 700], "font": "Times-Bold", "size": 14.0, "confidence": 0.99 }
      ]
    }
  ],
  "metadata": { "title": "...", "author": "...", "page_count": 10 }
}

Usage

pdftract extract invoice.pdf            # structured JSON to stdout
pdftract extract invoice.pdf --text     # plain text to stdout
pdftract extract invoice.pdf --output out.json
pdftract serve --port 8080              # HTTP service: POST /extract

Architecture

Rust core with PyO3 Python bindings and a CLI binary. The same binary runs as a command-line tool or as an HTTP microservice — the container deployment is just pdftract serve.

See docs/research/ for technical deep-dives into the PDF specification, font encoding, glyph Unicode recovery, and tagged PDF structure. See docs/notes/ for SDK invocation examples in Python, Node.js, Go, Ruby, Java, Rust, and Bash.

Verifying Releases

All releases are signed using Sigstore keyless signing with OIDC from the iad-ci cluster. This provides cryptographic proof that artifacts were produced by the official CI/CD pipeline and haven't been tampered with.

Verify Binary Archives

To verify downloaded binary archives:

# Download release artifacts
gh release download vX.Y.Z --dir /tmp/pdftract-release

# Verify the SHA256SUMS signature
cosign verify-blob \
  --certificate-identity-regexp 'https://iad-ci-oidc.ardenone.com.*' \
  --certificate-oidc-issuer 'https://iad-ci-oidc.ardenone.com' \
  --signature SHA256SUMS.sig \
  --certificate SHA256SUMS.pem \
  SHA256SUMS

# Verify individual artifacts against checksums
sha256sum -c SHA256SUMS

Verify Docker Images

To verify Docker images before running them:

# Verify the main image
cosign verify \
  --certificate-identity-regexp 'https://iad-ci-oidc.ardenone.com.*' \
  --certificate-oidc-issuer 'https://iad-ci-oidc.ardenone.com' \
  ghcr.io/jedarden/pdftract:X.Y.Z

# Verify the OCR variant
cosign verify \
  --certificate-identity-regexp 'https://iad-ci-oidc.ardenone.com.*' \
  --certificate-oidc-issuer 'https://iad-ci-oidc.ardenone.com' \
  ghcr.io/jedarden/pdftract:ocr-X.Y.Z

# Verify the full variant
cosign verify \
  --certificate-identity-regexp 'https://iad-ci-oidc.ardenone.com.*' \
  --certificate-oidc-issuer 'https://iad-ci-oidc.ardenone.com' \
  ghcr.io/jedarden/pdftract:full-X.Y.Z

View SLSA Provenance

Each Docker image includes SLSA provenance attestation:

cosign verify-attestation \
  --certificate-identity-regexp 'https://iad-ci-oidc.ardenone.com.*' \
  --certificate-oidc-issuer 'https://iad-ci-oidc.ardenone.com' \
  --type slsaprovenance \
  ghcr.io/jedarden/pdftract:X.Y.Z

The provenance includes the build configuration, source commit, and builder identity.

Security

For responsible disclosure of security vulnerabilities, please email security@jedarden.com. See SECURITY.md for our disclosure policy, supported versions, and PGP key for encrypted reports.

PGP Key: The public key for security@jedarden.com is available at docs/security/pgp-public-key.asc.

NOTE: The PGP key is currently a placeholder. The security contact must generate and publish a 4096-bit RSA key for security@jedarden.com. See docs/security/pgp-public-key.asc for generation instructions.

Status

Early development. See docs/plan/ for the implementation roadmap.