Developers
Filters, REST API, post types and meta, programmatic API, and constants.
OpenTrust has a deliberately small filter surface and a fairly rich programmatic API. Most extension scenarios are covered by one of:
- A filter on the bundled catalogs (subprocessors, certifications, data practices, FAQs).
- A read against the public Repository API.
- A direct call against the chat REST endpoint.
Where to look
Hooks
Every plugin-defined filter, plus the catalog-extension recipe.
REST API
POST /wp-json/opentrust/v1/chat. Request, four-gate auth, SSE protocol, error codes.
Post types & meta
Five CPTs and every _ot_* postmeta key, by content type.
Programmatic API
Repository, Version, Catalog, Secrets, Budget, Log, IO public methods.
Conventions
- Class prefix: every OpenTrust class is named
OpenTrust_orOpenTrust\…. There's no autoloader; the main plugin filerequireseach class explicitly. - Hook prefix: every plugin-defined hook is named
opentrust_*. - Postmeta prefix: every CPT meta key is named
_ot_*. The leading underscore keeps them out of WordPress's default custom-fields meta box. - No global helper functions. Public APIs are static methods on
OpenTrust_*classes. - All output escaped (
esc_html,esc_attr,esc_url,wp_kses_post). All input sanitized. - All admin actions:
manage_optionscapability check +_wpnonceverification.
Templates are not overridable
OpenTrust does not have a theme template-override mechanism. Templates live in templates/ and are loaded with hard require / include paths. The "complete theme isolation" rendering strategy depends on these templates running unmodified.
If you need to fork rendering, fork the plugin. Do not file PRs adding locate_template() indirection: it regresses the theme-isolation guarantee.
The block content of policies still runs through apply_filters('the_content', ...), so any global content filter you have applies to policy bodies. That's the only sanctioned hook into the rendered output.
Constants
OpenTrust defines a handful of runtime constants in the main plugin file. None are user-overridable.
Plugin constants
| Constant | Value | Purpose |
|---|---|---|
OPENTRUST_VERSION | Plugin version string (e.g. 1.0.0) | Used by asset cache-busting and import compatibility checks. |
OPENTRUST_DB_VERSION | Integer schema version (currently 2) | Compared against the stored opentrust_db_version option on every init. |
OPENTRUST_PLUGIN_DIR | plugin_dir_path(__FILE__) | Absolute filesystem path to the plugin root. |
OPENTRUST_PLUGIN_URL | plugin_dir_url(__FILE__) | Public URL of the plugin root. |
OPENTRUST_PLUGIN_FILE | __FILE__ of opentrust.php | For register_activation_hook and friends. |
Class constants worth knowing
These are stable across the v1.x line. Code that depends on them should still pin to a plugin version.
| Constant | Value | Purpose |
|---|---|---|
OpenTrust::DEFAULT_ENDPOINT_SLUG | 'trust-center' | Falls back here if the user clears the slug field. |
OpenTrust_Chat::REST_NAMESPACE | 'opentrust/v1' | REST route namespace. |
OpenTrust_Chat::REST_ROUTE | '/chat' | REST route path. |
OpenTrust_Chat::MAX_TOOL_TURNS | 8 | Cap on retrieval tool calls per visitor message. |
OpenTrust_Chat::DEFAULT_MAX_MESSAGE_LENGTH | 1000 | Visitor message char cap (clamped to 100-4000 in settings). |
OpenTrust_Chat_Corpus::TTL | 12 * HOUR_IN_SECONDS | Per-locale corpus transient lifetime. |
OpenTrust_Chat_Corpus::MAX_INDEX_TOKENS | 4000 | Soft cap on slim-index size. |
OpenTrust_Chat_Log::CRON_HOOK | 'opentrust_chat_log_purge' | Daily purge cron name. |
OpenTrust_Chat_Log::RETENTION_DAYS | 90 | Log row retention before purge. |
OpenTrust_IO::SCHEMA_VERSION | Integer schema version of the IO archive format | Imports across mismatching schemas hard-reject. |
Versioning
Public APIs (catalog filters, REST endpoint, post-type slugs, postmeta keys, the documented static methods on OpenTrust_Repository and friends) follow semver. Breaking changes only in major versions. Internal helpers may change between minor versions; if you depend on something not listed in Programmatic API, pin to a plugin version.
Where to file issues
github.com/nolderoos/opentrust/issues. Include WordPress and PHP versions, OpenTrust version, whether AI chat is enabled, and any conflicting plugins.