Run a standards check over Connect
Run a standards check over Connect
Section titled “Run a standards check over Connect”At a glance
Section titled “At a glance”Use this recipe to evaluate a PDF against a named standard’s rule set over
the Connect transports. Examples include PDF/A-4, a PDF Advanced Electronic
Signatures (PAdES) baseline level, or an organizational policy. The
compliance-check tool is Enterprise-tier. The server discovers it through
a class_exists() probe and registers it only when nextpdf/premium is
installed alongside the server. On an open-source-only install, the tool is
absent, and the call fails with an unknown-tool error.
The tool reports a per-rule pass/fail result for the rules it implements for the requested standard. That result is the tool’s own check, not an independent conformance certification. A validator, such as veraPDF for PDF/A, makes the conformance determination. This page describes tool behavior, not a conformance guarantee.
Install
Section titled “Install”composer require nextpdf/serverConfirm that the Enterprise compliance tool is present on the running
deployment with a tools/list call. See /connect/tool-catalog/.
Conceptual overview
Section titled “Conceptual overview”A standard such as PDF/A-4 states requirements for the document. A checker evaluates the document against those requirements (PDF/A-4 §6.2.3). Conformance is determined against the standard’s requirements, not asserted by the software that produced the document (PDF/A-4 §6.7.3). For signature-related standards, the check inspects whether modification occurred after signing against the signed byte range (ISO 32000-2 §12.8).
The tool’s “pass” means “no rule the tool implements for this standard failed”. That result is narrower than a formal conformance certification of the whole document.
API surface
Section titled “API surface”Verify tool names against the running registry with tools/list. The
catalog of record is /connect/tool-catalog/. This recipe does not restate a
tool count, which is a runtime property of the deployment.
Code sample — Quick start
Section titled “Code sample — Quick start”{ "jsonrpc": "2.0", "id": 3, "method": "tools/call", "params": { "name": "compliance_check", "arguments": { "document_id": "<id>", "standard": "pdfa-4" } }}Code sample — Production
Section titled “Code sample — Production”Treat a “fail” result as data you can act on. Distinguish a transport failure from a normal non-success Hypertext Transfer Protocol (HTTP) status over a networked transport:
curl -sS -X POST https://connect.example.com/v1/tools/compliance_check \ -H 'Authorization: Bearer '"$NEXTPDF_CONNECT_TOKEN" \ -H 'Content-Type: application/json' \ -d '{"source":"/var/lib/nextpdf/in/report.pdf","standard":"pdfa-4"}' \ -o /tmp/check.json -w '%{http_code}' > /tmp/check-status || { echo "transport failure invoking compliance_check" >&2; exit 1; }[ "$(cat /tmp/check-status)" = "200" ] || { echo "compliance_check returned non-200; inspect /tmp/check.json" >&2; }The response lists each evaluated rule, its pass/fail status, and a reason for each failure. Use the failures to guide remediation. Do not treat a “pass” as a certification.
Edge cases & gotchas
Section titled “Edge cases & gotchas”- Unknown standard name. The tool returns an unknown-standard error
with the recognized identifiers. Use the exact identifier
(
pdfa-4, a PAdES baseline level, an organizational policy id). - Document not found. Verify the
document_idcame from a prior output call, or pass a validsourcepath. - Corrupt cross-reference. A parse failure means the input is not a valid PDF or is truncated. Regenerate the source.
- Tool absent. Without
nextpdf/premium, the Enterprise compliance tool is not registered, and the call fails with an unknown-tool error.
Performance
Section titled “Performance”The front-matter budget is a documentation cap, not a service-level guarantee.
Security notes
Section titled “Security notes”Do not log the source path or the full report at an externally shipped log level. Log the tool name, request id, and the overall pass/fail outcome. A “pass” describes the rule set the tool implements, not a security or legal warranty.
Conformance
Section titled “Conformance”| Claim | Clause | reference_id |
|---|---|---|
| Standard states requirements; a checker evaluates them | PDF/A-4 §6.2.3 | |
| Conformance is determined against requirements, not asserted by the producer | PDF/A-4 §6.7.3 | |
| Modification after signing is detectable against the signed byte range | ISO 32000-2 §12.8 |
Support for a standards check is not a conformance certification. An independent validator makes the conformance determination.
Commercial context
Section titled “Commercial context”The compliance-check tool is Enterprise-tier. It registers only when
nextpdf/premium is installed alongside the server.
Connect specifics
Section titled “Connect specifics”Transport availability (MCP / REST / gRPC)
Section titled “Transport availability (MCP / REST / gRPC)”Invoke the tool the same way over Model Context Protocol (MCP) tools/call,
the Representational State Transfer (REST) tool endpoint, and the gRPC
service through the shared tool executor.
HITL risk tier
Section titled “HITL risk tier”The check is read-only and not approval_required by default. An operator
override may raise its risk level. The override may only raise the level,
never lower it. See /connect/hitl-risk-tiers/.
Confirmation gate JSON envelope
Section titled “Confirmation gate JSON envelope”The tool does not trigger the gate unless an operator override raises it to
approval_required. The challenge envelope and single-use token contract are
documented in /connect/hitl-risk-tiers/.
See also
Section titled “See also”- /cookbook/connect/batch-compliance/ — run the check across many documents.
- /cookbook/connect/ai-ready-certification/ — run the broader AI-readiness check.
- /connect/tool-catalog/ — review per-tier tool set computation.
- /connect/hitl-risk-tiers/ — review the risk model and the gate.