I built Silent Editor to see if a fully browser-side stack could handle the PDF editing workflow that people currently do by uploading files to cloud services or paying for Adobe. Loading a PDF, editing text in place, adding signatures, merging pages, exporting a clean result. All without the document ever leaving your machine.
All the technology already exists: PDF.js for parsing and rendering (same engine Firefox uses), pdf-lib for assembling output files, Canvas API for pixel-level work, Tesseract.js compiled to WebAssembly for OCR. The problem is making these pieces work together smoothly enough that it actually feels like a real editor and not a hack.
Most of the system is deterministic plumbing. Rendering pages to canvas, extracting text span coordinates, managing overlay state for highlights and signatures, remapping annotations when pages get reordered or deleted. The part where things get tricky is everything visual: matching the original font when you replace text, sampling the actual ink color from rendered pixels so your edits don't look obviously different, and producing an export that's either compact with selectable text (Vector mode) or pixel-perfect faithful to what you see on screen (Visual Perfect mode).
The privacy model is enforced architecturally, not by policy. Production builds ship with a Content Security Policy and a runtime network guard that block outbound requests carrying document data. The only things that touch the network are billing metadata through Stripe and page analytics through Cloudflare. Neither carries any document content. There's a CI suite that fails the build if any of this regresses.
It's already handling real editing workflows: text replacement with font trait detection, electronic signatures with date stamps, page insert/delete/duplicate/reorder/merge, shape annotations, OCR for scanned documents, and both export paths. But font matching is still imperfect for uncommon typefaces, color sampling from the canvas can miss on edge cases, and Visual Perfect export produces larger files than I'd like.
I'd especially welcome criticism on: is the free tier boundary (daily export cap, Visual Perfect gated to premium) reasonable, or does it feel like it cripples the product? And for people who actually handle sensitive documents regularly, does "runs in your browser, no upload" actually change your behavior, or do you just not think about it?
All the technology already exists: PDF.js for parsing and rendering (same engine Firefox uses), pdf-lib for assembling output files, Canvas API for pixel-level work, Tesseract.js compiled to WebAssembly for OCR. The problem is making these pieces work together smoothly enough that it actually feels like a real editor and not a hack.
Most of the system is deterministic plumbing. Rendering pages to canvas, extracting text span coordinates, managing overlay state for highlights and signatures, remapping annotations when pages get reordered or deleted. The part where things get tricky is everything visual: matching the original font when you replace text, sampling the actual ink color from rendered pixels so your edits don't look obviously different, and producing an export that's either compact with selectable text (Vector mode) or pixel-perfect faithful to what you see on screen (Visual Perfect mode).
The privacy model is enforced architecturally, not by policy. Production builds ship with a Content Security Policy and a runtime network guard that block outbound requests carrying document data. The only things that touch the network are billing metadata through Stripe and page analytics through Cloudflare. Neither carries any document content. There's a CI suite that fails the build if any of this regresses.
It's already handling real editing workflows: text replacement with font trait detection, electronic signatures with date stamps, page insert/delete/duplicate/reorder/merge, shape annotations, OCR for scanned documents, and both export paths. But font matching is still imperfect for uncommon typefaces, color sampling from the canvas can miss on edge cases, and Visual Perfect export produces larger files than I'd like.
I'd especially welcome criticism on: is the free tier boundary (daily export cap, Visual Perfect gated to premium) reasonable, or does it feel like it cripples the product? And for people who actually handle sensitive documents regularly, does "runs in your browser, no upload" actually change your behavior, or do you just not think about it?