pdfnative-cli command builder

Pick a command, fill the form, copy the resulting npx pdfnative-cli invocation. Covers the full CLI surface: render (with --watch / --template / --font), sign (RSA + ECDSA-SHA256, auto signature placeholder), inspect, and verify (real CMS verification + RFC 3161 detection). The builder runs entirely in your browser — nothing is uploaded.

Quick preset:

--input Path to JSON input. Omit to read from stdin.

--output Output path. Omit to write to stdout.

--variant Selects the renderer variant.

--page-size

--margin Single value or top,right,bottom,left in points.

--tagged

--compress FlateDecode all content streams.

--stream AsyncGenerator streaming output.

--layout (file path) Load any subset of PdfLayoutOptions. CLI flags override the layout file.

--lang Comma-separated language codes. Non-Latin requires a registerFontLoader() wrapper.

Iteration helpers

--watch Re-render on input/layout/template change. Requires --input + --output.

--template JSON file with { "key": "value" } pairs substituted into the document.

--font Bundled font codes. For other scripts use --lang.

Watermark

--watermark-text

--watermark-image

--watermark-opacity

--watermark-angle

--watermark-color

--watermark-font-size

--watermark-position

Headers / footers

--header-left

--header-center

--header-right

--footer-left

--footer-center

--footer-right

Placeholders: {page}, {pages}, {date}, {title}. {pages} is rejected with --stream.

Encryption (mutually exclusive with --tagged pdfa*)

--encrypt-owner-pass Required if any --encrypt-* flag is set. Prefer the env var.

--encrypt-user-pass

--encrypt-algorithm

--encrypt-permissions

PDF/A-3 attachments

--attachment (one per line) Format: path[:mime[:relationship[:description]]]. Repeatable.

--input

--output

--key Or set $PDFNATIVE_SIGN_KEY.

--cert Or set $PDFNATIVE_SIGN_CERT.

--cert-chain (one per line) Repeatable. Or set $PDFNATIVE_SIGN_CHAIN.

--algorithm

--signing-time

--reason

--name

--location

--contact

--input

--format

--verbose Adds trailerKeys, catalogKeys, objectCount, xmpMetadata.

--pages Per-page geometry, annotations, form fields.

--check (CI assertions, ANDed)

--check pdfa

--check signed

--check encrypted

Exit code 0 on all-pass, 1 on any failure. Composable with --format.

--input

--format

--strict Exit 1 on any failure or zero signatures.

--trust (one per line) Trust-anchor PEMs. Repeatable.

Scope (v1.1.0): full CMS/PKCS#7 verification (RSA + ECDSA-SHA256), byte-range integrity (SHA-256), certificate chain, trust evaluation against --trust roots, RFC 3161 timestamp validation (PAdES-T), and OCSP/CRL revocation checking via --revocation / --revocation-policy. See the CLI guide.

Generated command

npx pdfnative-cli render

Paste this in any shell. Secrets are never sent — the entire builder runs client-side.

What this playground does not do

It does not execute the CLI in your browser — signing real PDFs requires real private keys, and we will not pretend to. For an in-browser demo of render output, see the homepage live demo. To exercise the full CLI on your machine: npx pdfnative-cli <your built command>.

Resources

CLI guide — full command reference, security model, recipes
pdfnative-cli on GitHub
pdfnative-cli release notes
MCP guide · MCP playground

pdfnative-cli command builder

Generated command Copy

What this playground does not do

Resources

Generated command