NextPDF Connect tool catalog
At a glance
Section titled “At a glance”NextPDF Connect does not expose a fixed number of tools. The server computes the count at runtime from installed packages, the configuration allowlist, and environment gates. This page documents the verified core set and the method that determines the total.
Install
Section titled “Install”composer require nextpdf/serverConceptual overview
Section titled “Conceptual overview”NextPDF\Server\ToolRegistry builds the catalog at boot in this order:
- Core tier. A fixed set of core tools registers unconditionally. Two further tools register only when a precondition holds.
- Pro tier. The Pro tools register when the Pro provider class
resolves, which happens when
nextpdf/premiumis installed. The server skips this step silently when the class does not resolve. - Enterprise tier. The Enterprise provider follows the same pattern as the Pro provider.
- Bundled extended tiers. The AST and mutation tool providers ship with the server package and register under the Pro tier. An environment gate controls each provider, and each provider degrades gracefully when its underlying core support is absent.
- Security-policy filter. The server intersects each registration
with the
enabled_toolsallowlist. A non-empty allowlist drops any tool not on it. The tier counter includes only a tool that the policy admitted.
The Model Context Protocol (MCP) initialize response reports the
resulting tool_count and per-tier counts for the running server. That
value is authoritative. Treat any fixed total in prose as stale.
API surface
Section titled “API surface”Verified always-available core tools
Section titled “Verified always-available core tools”These twelve tools always register in the core tier. The server reads each risk tier and each MCP behavior hint from the tool implementation.
| Tool name | Category | Description | Risk |
|---|---|---|---|
create_pdf | document | Create a PDF document and return a document_id | caution |
add_text | document | Add text content to a PDF document | caution |
add_image | document | Add an image from a file path or base64 data | caution |
add_table | document | Add an HTML table to a PDF document | caution |
set_font | document | Set the font for subsequent text operations | caution |
add_page | document | Add a new page to the PDF document | caution |
output_pdf | document | Finalize the PDF as a file or base64 | approval_required |
preview_layout | document | Return a JSON layout summary without rendering | safe |
diagnostic.doctor | diagnostic | Run a health check; structured environment diagnostics | safe |
diagnostic.capabilities | diagnostic | List capabilities with tier and status | safe |
diagnostic.inspect | diagnostic | Inspect a PDF and return structural metadata | safe |
diagnostic.verify | diagnostic | Verify PDF integrity, with optional PDF/A or PDF/UA checks | caution |
Conditionally-registered core tools
Section titled “Conditionally-registered core tools”| Tool name | Condition |
|---|---|
generate_barcode | Registers when the installed nextpdf/core includes the core barcode encoder registry |
parse_pdf | Registers only when NEXTPDF_MCP_TOOL_PARSE_PDF_ENABLED is true or 1 |
output_pdf is the only core tool at the approval_required risk
level. Writing a file passes through the human-in-the-loop gate; base64
output does not. See /connect/hitl-risk-tiers/.
Tools added only when extra packages are installed
Section titled “Tools added only when extra packages are installed”The server probes provider classes with class_exists():
- Pro tools register when
nextpdf/premiumis installed and the Pro provider resolves. - Enterprise tools register when
nextpdf/premiumis installed and the Enterprise provider resolves. The privacy tools (redaction, de-identification, zone redaction) wrap Enterprise classes. They register under the Enterprise tier only when those classes are autoloadable. - AST and mutation tools ship with the server and register under the
Pro tier. The
NEXTPDF_AST_TOOLS_ENABLEDandNEXTPDF_MUTATION_TOOLS_ENABLEDgates control them, and both gates are enabled by default.
The Premium package, not the server, defines the exact Pro and Enterprise tool inventories and documents them with that package. The server’s contract is the registration mechanism, not a fixed Premium list.
Code sample — Quick start
Section titled “Code sample — Quick start”Print the tools that this installation exposes without starting a server:
./vendor/bin/generate-skills --dry-run --list-toolsCode sample — Production
Section titled “Code sample — Production”Query the running server for the authoritative count over MCP:
./vendor/bin/nextpdf-mcp <<'EOF'{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"c","version":"1.0.0"}}}{"jsonrpc":"2.0","method":"notifications/initialized"}{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}EOFThe server computes capabilities.nextpdf.tool_count and tiers in the
initialize result for the running process. Over REST,
GET /api/v1/capabilities returns equivalent introspection.
Edge cases and gotchas
Section titled “Edge cases and gotchas”-
There is no fixed “33 tools” — or any fixed total. Older material quotes a single number, but that number is not a contract. The count changes with installed packages, the
enabled_toolsallowlist, and theparse_pdf, AST, and mutation environment gates. Always read it from the running server. -
The allowlist subtracts, it never adds. Listing a Pro tool in
enabled_toolsdoes not register it whennextpdf/premiumis absent. -
A missing tier is silent and expected. An open-source-only install serves the core set and reports zero Pro and zero Enterprise tools. That result is correct operation, not a fault.
-
Tier in the catalog is a declared invariant. Each tool declares its own tier and risk in code. The registry never infers a tier from the namespace or package.
Performance
Section titled “Performance”The registry scan and tier detection run once at boot. The page
performance_budget bounds them. Per-tool cost comes from the underlying
engine operation, not the catalog lookup, which is O(1) by tool name.
Security notes
Section titled “Security notes”Use enabled_tools as a least-privilege control: expose only the tools an
integration needs. The catalog never includes a tool rejected by the
security policy, and the tier counter reflects only admitted tools.
High-risk tools remain gated by human confirmation regardless of catalog
membership. See /connect/security-and-operations/.
Conformance
Section titled “Conformance”This page describes the registry mechanism. Protocol citations for the
tools/list and initialize surfaces are pinned on /transports/mcp/.
The risk model is specified on /connect/hitl-risk-tiers/.
Commercial context
Section titled “Commercial context”The core catalog covers creation, inspection, and diagnostics. Signing,
redaction, compliance, and forensic tools appear only when
nextpdf/premium is installed alongside the server. This packaging
boundary is applied at composer require time, never through a runtime
prompt.
See also
Section titled “See also”- /connect/hitl-risk-tiers/ — what the risk column means and how enforcement works
- /connect/boot-and-discovery/ — the full boot and discovery sequence
- /connect/configuration/ —
enabled_toolsand the environment gates - /transports/mcp/ — the
tools/listandinitializewire formats - /connect/overview/ — why the catalog is runtime-dependent by design