{"id":50089533,"url":"https://github.com/etticdevelopment/opentrust","last_synced_at":"2026-05-22T22:09:38.040Z","repository":{"id":355106850,"uuid":"1222899260","full_name":"EtticDevelopment/opentrust","owner":"EtticDevelopment","description":"A self-hosted, open-source trust center plugin for WordPress with an optional AI assistant grounded in your own policies.","archived":false,"fork":false,"pushed_at":"2026-05-21T22:09:52.000Z","size":1382,"stargazers_count":3,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-22T06:50:03.940Z","etag":null,"topics":["ai-chatbot","compliance","gdpr","php","privacy","trust-center","wordpress","wordpress-plugin"],"latest_commit_sha":null,"homepage":"https://plugins.ettic.nl/opentrust","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EtticDevelopment.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-27T20:20:43.000Z","updated_at":"2026-05-21T22:00:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/EtticDevelopment/opentrust","commit_stats":null,"previous_names":["nolderoos/opentrust","etticdevelopment/opentrust"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/EtticDevelopment/opentrust","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EtticDevelopment%2Fopentrust","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EtticDevelopment%2Fopentrust/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EtticDevelopment%2Fopentrust/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EtticDevelopment%2Fopentrust/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EtticDevelopment","download_url":"https://codeload.github.com/EtticDevelopment/opentrust/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EtticDevelopment%2Fopentrust/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33372740,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-22T21:56:13.512Z","status":"ssl_error","status_checked_at":"2026-05-22T21:56:10.769Z","response_time":265,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-chatbot","compliance","gdpr","php","privacy","trust-center","wordpress","wordpress-plugin"],"created_at":"2026-05-22T22:09:37.209Z","updated_at":"2026-05-22T22:09:38.035Z","avatar_url":"https://github.com/EtticDevelopment.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Open Trust Center by Ettic\n\n**A self-hosted, open-source trust center plugin for WordPress.**\n\nPublish security policies, subprocessors, certifications, and data practices on your own site, with an optional AI assistant grounded in your policies.\n\n[![License: GPL v2 or later](https://img.shields.io/badge/License-GPLv2%2B-blue.svg)](LICENSE)\n[![PHP 8.1+](https://img.shields.io/badge/PHP-8.1%2B-777BB4.svg)](https://www.php.net/)\n[![WordPress 6.0+](https://img.shields.io/badge/WordPress-6.0%2B-21759B.svg)](https://wordpress.org/)\n[![WordPress Plugin Version](https://img.shields.io/wordpress/plugin/v/open-trust-center-by-ettic?style=flat-square)](https://wordpress.org/plugins/open-trust-center-by-ettic/)\n[![Tested WP Version](https://img.shields.io/wordpress/plugin/tested/open-trust-center-by-ettic?style=flat-square)](https://wordpress.org/plugins/open-trust-center-by-ettic/)\n[![Downloads](https://img.shields.io/wordpress/plugin/dt/open-trust-center-by-ettic?style=flat-square)](https://wordpress.org/plugins/open-trust-center-by-ettic/advanced/)\n\n\u003c/div\u003e\n\n---\n\nOpen Trust Center by Ettic is a self-hosted, open-source trust center for WordPress. Procurement teams want a URL they can read. Buyers want receipts. Auditors want a version trail. Open Trust Center by Ettic gives you all three on a branded page that lives on your own WordPress site.\n\n## What's inside\n\n- **Security policies** with auto-incrementing version numbers and archived revisions reachable at stable URLs (`/trust-center/policy/{slug}/version/{n}/`).\n- **Subprocessors** with pre-filled metadata for 200+ common cloud vendors and SaaS providers.\n- **Compliance certifications** with status badges (active, in progress, expired) and a bundled catalog covering SOC 2, ISO 27001, ISO 27701, HIPAA, PCI-DSS, and others.\n- **Data practices** organised by category — the full GDPR Article 30 surface, made public.\n- **FAQ** seeded with sensible defaults; edit, add, or remove freely.\n- **Contact \u0026 DPO block** with company description, DPO name and email, security contact, mailing address, PGP key URL, company registration, VAT/Tax ID. Renders only fields you populate.\n- **Optional AI chat** powered by Anthropic, OpenAI, or OpenRouter — agentic retrieval, inline citations, token budgets, rate limits.\n\n## Install\n\n**From WordPress.org**: coming soon at https://wordpress.org/plugins/open-trust-center-by-ettic/ (currently in review).\n\n**Manually:**\n\n1. Download the latest release from [Releases](../../releases).\n2. WP Admin → Plugins → Add New → Upload Plugin → upload the zip → Activate.\n3. Visit Open Trust Center in the admin sidebar to set your accent colour, logo, and company name.\n4. Add content under **Open Trust Center → Policies / Certifications / Subprocessors / Data Practices**.\n5. Visit `/trust-center/` on your site.\n\n## AI chat\n\nAdd an optional chat assistant that answers visitor questions straight from your published trust center. Ask it \"Where is our data hosted?\" or \"Are you SOC 2 certified?\" and it searches your policies, certifications, subprocessors, and data practices, then answers with citations linking back to the exact source.\n\nIt only ever answers from what you've published — it can't retrieve a document you haven't given it, so it won't invent policy you don't have. Anthropic is the recommended provider because it returns native, verifiable citations; OpenAI and OpenRouter also work, using inline citation markers.\n\nTo turn it on:\n\n1. **Open Trust Center → Settings → AI Chat**\n2. Pick a provider, paste an API key (encrypted at rest with libsodium before it touches the database), and pick a model.\n3. Set the daily/monthly token budgets you're comfortable with.\n4. Optional: enable Cloudflare Turnstile in the same tab for bot defence.\n5. Visit `/trust-center/ask/`.\n\nThere's no SaaS subscription. You only pay your AI provider for tokens consumed (~$3–$15/month for typical traffic, hard ceilings at 500K tokens/day and 10M tokens/month by default).\n\n## Privacy by design\n\n- **Zero telemetry, zero analytics, zero licence checks.** The only outbound HTTP calls the plugin can make are AI provider requests you configure, and they go through an SSRF host allowlist.\n- **No PII in logs.** The optional `wp_ettic_otc_chat_log` table stores only short hashed identifiers — never raw IPs, emails, sessions, user agents, or referrers. The privacy posture is enforced by the schema itself.\n- **Encrypted secrets.** API keys and the Cloudflare Turnstile secret are encrypted at rest with libsodium `secretbox`, salted from `wp_salt('auth')`. Rotating `AUTH_KEY` invalidates every stored secret atomically.\n- **Theme-isolated rendering.** The trust center intercepts at `template_redirect`, outputs a complete standalone HTML document with inlined CSS, and exits. Your theme's stylesheet, header, footer, and JavaScript never load.\n- **Capability-checked admin actions** with nonce verification on every save handler.\n\n## Stack\n\n- **PHP 8.1+** (strict types, match expressions, readonly properties)\n- **WordPress 6.0+**\n- **libsodium** for secret encryption (bundled with PHP 7.2+)\n- **No Composer vendor tree, no build step, no Node.js**\n- Vanilla JS for the frontend; jQuery only in admin (a WordPress dependency)\n- WPML / Polylang compatible out of the box\n\n## Local development\n\n```bash\ngit clone https://github.com/EtticDevelopment/opentrust.git\ncd opentrust\n\n# Symlink into a local WordPress install (e.g. WP Studio, Local, Lando, etc.)\nln -s \"$(pwd)\" /path/to/wordpress/wp-content/plugins/opentrust\n\n# Activate via WP-CLI\nwp plugin activate opentrust --path=/path/to/wordpress\n```\n\n### Run Plugin Check before submitting changes\n\n```bash\nwp plugin check opentrust \\\n  --categories=plugin_repo,security,performance,general,accessibility \\\n  --severity=warning \\\n  --exclude-directories=\".claude,.git\" \\\n  --exclude-files=\"CLAUDE.md,.gitignore,.distignore,.DS_Store\"\n```\n\nShould report **\"No errors found.\"** Anything else is a regression.\n\n### Build a distribution zip locally\n\n```bash\nrsync -a --exclude-from=.distignore --exclude='.git' --exclude='.claude' \\\n      ./ /tmp/opentrust-stage/opentrust/\ncd /tmp/opentrust-stage \u0026\u0026 zip -rq opentrust.zip opentrust\n```\n\n## Translations\n\nShips with a `.pot` template and a starter Dutch (nl_NL) translation. WPML and Polylang compatible — all four content CPTs are registered public with a `wpml-config.xml` declaring translatable meta fields, so policies, certifications, subprocessors, and data practices can be translated per-language.\n\nTranslators can regenerate the template from source:\n\n```bash\nwp i18n make-pot . languages/open-trust-center-by-ettic.pot --domain=open-trust-center-by-ettic\n```\n\nContribute a translation at [translate.wordpress.org](https://translate.wordpress.org/) once the plugin is live there.\n\n## Contributing\n\nIssues and pull requests welcome. Before opening a PR:\n\n1. Run Plugin Check (above) — it should report zero errors.\n2. Verify the plugin still loads cleanly on a fresh WordPress install (`/trust-center/` returns 200, no PHP errors in `debug.log`).\n3. If you're adding a user-facing string, wrap it in the `opentrust` text domain.\n4. Keep PHP 8.1 as the floor — match expressions and named arguments are fine.\n\n## Status\n\n**1.0.0 — first public release.** Submitted to wordpress.org.\n\n## License\n\n[GPL-2.0-or-later](LICENSE). Same as WordPress core.\n\n## Acknowledgements\n\nBuilt and maintained by **[Ettic](https://plugins.ettic.nl)**.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fetticdevelopment%2Fopentrust","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fetticdevelopment%2Fopentrust","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fetticdevelopment%2Fopentrust/lists"}