Stirling PDF: Self-hosted, web-based PDF manipulation tool

Project overview & purpose

  • Self-hosted, web-based PDF manipulation tool using underlying libraries like PDFBox and pdf.js.
  • Popular with people who want local, browser-based PDF utilities for non-technical users (e.g., family) instead of random online services.

ChatGPT-origin controversy

  • README line “Originally developed entirely by ChatGPT” triggered debate.
  • Some read this as a red flag for code quality, security, or even misleading marketing.
  • Creator clarifies: only the first 24-hour prototype was done via ChatGPT; the app has since had over a year of human development.
  • Several commenters suggest updating the documentation to explain this origin more clearly.

Quality, bugs, and tests

  • Mixed reports: some users say they “loved it” initially but found many bugs and unusable tools; others say it “works well enough” for basic tasks.
  • Test coverage is reported as low; code quality criticized in places as showing AI-generation artifacts.

Security, privacy, and deployment

  • Strong concern about running any PDF-manipulating tool, especially AI-generated code, on untrusted input or on the public internet.
  • Several recommend:
    • Self-hosting with no outbound network access (firewalls, Kubernetes network policies, Docker with restricted egress).
    • Using tools like Little Snitch / opensnitch or packet sniffers to verify “no outbound calls” claims.
  • Some conclude they’d only use it on a private network and with trusted PDFs, which limits utility.

Alternatives & ecosystem

  • Alternatives mentioned for overlapping tasks: built-in macOS Preview, Firefox’s PDF editor, Okular, Master PDF Editor, PDFsam, various CLI tools (pdfjam, LibreOffice, etc.), and commercial PDF suites.
  • Some prefer CLI tools directly; others value the web UI as a single, device-agnostic front end.

PDF signing & advanced features

  • Multiple commenters want robust digital signing with certificates, compliant with standards like eIDAS.
  • General sentiment that open-source support for secure PDF signing and qualified certificates is weak.
  • Tools and libraries for signing do exist, but setup and PKI concepts are considered complex and under-served.