{"id":50445138,"url":"https://github.com/ejosterberg/opensalestax-drupal-commerce","last_synced_at":"2026-05-31T21:01:31.407Z","repository":{"id":357734298,"uuid":"1238304580","full_name":"ejosterberg/opensalestax-drupal-commerce","owner":"ejosterberg","description":"Drupal Commerce 3.x tax type plugin for destination-based US sales tax via the self-hosted OpenSalesTax engine. Calculation only; the merchant remits.","archived":false,"fork":false,"pushed_at":"2026-05-14T02:40:23.000Z","size":56,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-14T04:38:04.162Z","etag":null,"topics":["drupal","drupal-commerce","opensalestax","php","sales-tax","tax-calculation"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ejosterberg.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-14T02:15:07.000Z","updated_at":"2026-05-14T02:40:26.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ejosterberg/opensalestax-drupal-commerce","commit_stats":null,"previous_names":["ejosterberg/opensalestax-drupal-commerce"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/ejosterberg/opensalestax-drupal-commerce","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejosterberg%2Fopensalestax-drupal-commerce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejosterberg%2Fopensalestax-drupal-commerce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejosterberg%2Fopensalestax-drupal-commerce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejosterberg%2Fopensalestax-drupal-commerce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ejosterberg","download_url":"https://codeload.github.com/ejosterberg/opensalestax-drupal-commerce/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ejosterberg%2Fopensalestax-drupal-commerce/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33748607,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["drupal","drupal-commerce","opensalestax","php","sales-tax","tax-calculation"],"created_at":"2026-05-31T21:01:28.355Z","updated_at":"2026-05-31T21:01:31.400Z","avatar_url":"https://github.com/ejosterberg.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenSalesTax for Drupal Commerce\n\n\u003e **v0.1.1.** Live-validated against Drupal 11 + Drupal Commerce 3.3.5\n\u003e on PHP 8.4 (\\$100 / MN ZIP 55401 → 6 per-jurisdiction adjustments\n\u003e totalling \\$9.03). Passes 56 unit tests on PHP 8.2–8.4; PHPStan level\n\u003e max clean; composer audit clean. CI green on `main`.\n\nA free, self-hostable Drupal Commerce 3.x tax type plugin that swaps\nmanual tax-rate tables for destination-based US sales tax via the\n[OpenSalesTax engine](https://github.com/ejosterberg/opensalestax). No\nper-transaction fees, no SaaS lock-in — merchants run both Drupal\nCommerce and OpenSalesTax on their own infrastructure.\n\n\u003e **Tax calculations are provided as-is for convenience. The merchant\n\u003e is solely responsible for tax-collection accuracy and remittance to\n\u003e the appropriate jurisdictions. Verify against your state Department\n\u003e of Revenue before remitting.**\n\n## What this module does\n\n- Registers OpenSalesTax as a Drupal Commerce **Tax Type** plugin\n  (`@CommerceTaxType(id = \"opensalestax\")`). Drupal Commerce\n  auto-discovers it once the module is enabled.\n- When a US/USD order with a 5-digit shipping ZIP reaches the tax\n  pipeline, the plugin calls `POST /v1/calculate` on your engine and\n  writes one tax adjustment per jurisdiction onto the order (so the\n  cart and order screens render \"Minnesota State Sales Tax\",\n  \"Hennepin County Tax\", etc. — not a single opaque tax line).\n- Caches responses per `(zip5, line-signature)` in Drupal's\n  `cache.default` bin for 24 hours by default.\n- Falls back silently (no tax line, no fatal) on non-US, non-USD,\n  missing ZIP, or any engine error.\n\n## What this module does NOT do\n\n- File or remit tax — **calculation only**. The merchant remits.\n- Validate addresses.\n- Handle non-USD currencies or non-US destinations (passes those\n  through, no tax line written).\n- Handle tax-exempt customers, customer groups, or per-store-entity\n  configuration. (v0.2+.)\n- Tax shipping lines. (v0.2+.)\n- Ship with the engine bundled — point it at your own\n  [OpenSalesTax engine](https://github.com/ejosterberg/opensalestax).\n\n## Compatibility matrix\n\n| Drupal core | Drupal Commerce | PHP    | Status |\n| ----------- | --------------- | ------ | ------ |\n| 10.3+       | 3.x             | 8.1+   | tested |\n| 11.0+       | 3.x             | 8.1+   | should work |\n\nThe module hard-pins **calculation-only** behavior — no schema\nchanges, no service overrides. It coexists with Drupal Commerce's\nbuilt-in flat-rate tax types and applies first when its applies()\ngate matches.\n\n## Install\n\n```bash\ncomposer require ejosterberg/opensalestax-drupal-commerce\ndrush en opensalestax_commerce -y\ndrush cache:rebuild\n```\n\nThe Composer install transparently pulls in the\n[`ejosterberg/opensalestax`](https://packagist.org/packages/ejosterberg/opensalestax)\nPHP SDK.\n\n## Configure\n\nVisit **Commerce → Configuration → OpenSalesTax**\n(`/admin/commerce/config/opensalestax`).\n\n| Field | Default | Purpose |\n| --- | --- | --- |\n| **Engine API URL** | (empty) | Base URL of your OpenSalesTax engine, e.g. `https://ost.example.com`. Empty = module inert. |\n| **API Key (optional)** | (empty) | `X-API-Key` header value if your engine requires authentication. Stored as a config string; blank-field-on-save preserves the existing key. |\n| **Restrict to public IPs (SSRF defense)** | ON | Reject any engine URL whose host resolves to a private, loopback, link-local, CGNAT, or multicast IP. Turn OFF only when the engine is on the same private network as Drupal (e.g. `http://10.x.x.x:8080`). |\n| **Cache TTL (seconds)** | 86400 (24h) | How long to cache engine responses per `(zip5, line-signature)`. Minimum 3600. |\n| **Engine HTTP timeout (seconds)** | 10 | Maximum wait for the engine before falling back. |\n| **Fail hard on engine error** | OFF | When ON, an unreachable engine blocks checkout. When OFF (default), the failure is logged and checkout proceeds with no tax line. |\n\nThen add **OpenSalesTax (Destination-Based US Sales Tax)** as the Tax\nType on each store via **Commerce → Configuration → Taxes**.\n\n## How it works\n\n1. At checkout, Drupal Commerce's tax pipeline iterates over enabled\n   tax types and calls `applies($order)` on each.\n2. Our plugin's `applies()` short-circuits to `FALSE` on non-US,\n   non-USD, missing ZIP, or missing shipping profile.\n3. When `applies()` returns `TRUE`, Drupal Commerce calls `apply($order)`.\n   We normalize the order into `(country, currency, zip5,\n   line_items[])`, look up the cache, and on miss call the engine via\n   the [PHP SDK](https://packagist.org/packages/ejosterberg/opensalestax).\n4. For each tax line returned, we write a per-jurisdiction\n   `Drupal\\commerce_order\\Adjustment` of type `tax` with the\n   jurisdiction's name as label and `opensalestax:\u003cjurisdiction\u003e` as\n   source ID.\n5. Drupal Commerce's totals pipeline picks the adjustments up and\n   renders them.\n\nIf anything goes wrong (engine down, timeout, bad payload), and\n**Fail hard on engine error** is OFF (default), the failure is logged\nvia Drupal's `opensalestax` logger channel and no adjustments are\nwritten — checkout proceeds without tax. The merchant then resolves\nthe engine outage at their own pace without customer-visible breakage.\n\n## Logging\n\nAll engine interactions log structured metadata\n(`zip5`, `http_status`, error message) via Drupal's `opensalestax`\nlogger channel. **Customer addresses and full payloads are never\nlogged.** The API key is read from config in memory only at request\ntime and never written to logs.\n\n## Development\n\n```bash\ncomposer install\ncomposer test                       # PHPUnit unit suite (56 tests)\ncomposer stan                       # PHPStan level max\ncomposer audit                      # composer audit (HIGH+ blocking)\n```\n\nCI runs the same three checks plus a DCO sign-off check on PRs.\n\nSee [`CONTRIBUTING.md`](CONTRIBUTING.md) for branch model, DCO sign-off,\nand the quality gate.\n\n## Security\n\nSee [`SECURITY.md`](SECURITY.md) for responsible-disclosure guidance and\n[`docs/SECURITY-REVIEW.md`](docs/SECURITY-REVIEW.md) for the threat\nmodel with mitigation status.\n\n## Related projects\n\n- [OpenSalesTax engine](https://github.com/ejosterberg/opensalestax)\n- [OpenSalesTax PHP SDK](https://github.com/ejosterberg/opensalestax-php)\n- [opensalestax-magento](https://github.com/ejosterberg/opensalestax-magento)\n- [opensalestax-woocommerce](https://github.com/ejosterberg/opensalestax-woocommerce)\n- [opensalestax-vendure](https://github.com/ejosterberg/opensalestax-vendure)\n- [opensalestax-medusa](https://github.com/ejosterberg/opensalestax-medusa)\n- [opensalestax-saleor](https://github.com/ejosterberg/opensalestax-saleor)\n\n## License\n\nDual-licensed under your choice of [Apache-2.0](LICENSE-APACHE.txt) OR\n[GPL-2.0-or-later](LICENSE-GPL.txt). See [`LICENSE`](LICENSE) for the\ndual-declaration. Drupal contrib code lives under GPL-2.0-or-later;\nthis dual license keeps the module eligible for future Drupal.org\nlisting while preserving Apache-2.0 compatibility for downstream\nredistribution.\n\n## DCO sign-off\n\nEvery commit signed off with `-s`. CI rejects unsigned commits. See\n[`CONTRIBUTING.md`](CONTRIBUTING.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fejosterberg%2Fopensalestax-drupal-commerce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fejosterberg%2Fopensalestax-drupal-commerce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fejosterberg%2Fopensalestax-drupal-commerce/lists"}