+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ __( 'Auto', 'opentrust' ),
+ 'manual' => __( 'Manual', 'opentrust' ),
+ 'off' => __( 'Off', 'opentrust' ),
+ ];
+ ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+ wrapped in .opentrust-select for the chevron and focus ring.', 'opentrust' ); ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ; ?>)
+
+
+
+
+
+
+
+
+
+ */
+ public static function sanitize( $input ): array {
+ $current = get_option( self::OPTION_NAME, self::defaults() );
+ if ( ! is_array( $current ) ) {
+ $current = self::defaults();
+ }
+ if ( ! is_array( $input ) ) {
+ return $current;
+ }
+
+ $out = $current;
+
+ // Toggle: hidden 0 + checkbox 1 means $input['enabled'] is always set.
+ $out['enabled'] = ! empty( $input['enabled'] );
+
+ if ( isset( $input['mode'] ) ) {
+ $allowed = [ 'auto', 'manual', 'off' ];
+ $candidate = (string) $input['mode'];
+ $out['mode'] = in_array( $candidate, $allowed, true ) ? $candidate : 'auto';
+ }
+
+ if ( isset( $input['frequency'] ) ) {
+ $out['frequency'] = max( 1, min( 30, absint( $input['frequency'] ) ) );
+ }
+
+ if ( isset( $input['display_name'] ) ) {
+ $clean = sanitize_text_field( (string) $input['display_name'] );
+ $out['display_name'] = function_exists( 'mb_substr' ) ? mb_substr( $clean, 0, 60 ) : substr( $clean, 0, 60 );
+ }
+
+ if ( isset( $input['brand_color'] ) ) {
+ $sanitized = sanitize_hex_color( (string) $input['brand_color'] );
+ $out['brand_color'] = $sanitized ? $sanitized : '#0F5CFA';
+ }
+
+ if ( isset( $input['logo_id'] ) ) {
+ $id = absint( $input['logo_id'] );
+ $out['logo_id'] = ( $id > 0 && wp_attachment_is_image( $id ) ) ? $id : 0;
+ }
+
+ return $out;
+ }
+}
diff --git a/opentrust.php b/opentrust.php
index 363b693..c7ce623 100644
--- a/opentrust.php
+++ b/opentrust.php
@@ -24,6 +24,14 @@
define('OPENTRUST_PLUGIN_FILE', __FILE__);
define('OPENTRUST_DB_VERSION', 2);
+// Ettic shared-template compatibility shims. The shared admin design system
+// at /Users/.../Ettic Admin UI uses PLUGINSLUG_FILE / PLUGINSLUG_URL as its
+// constant placeholder, which renames to OPENTRUST_FILE / OPENTRUST_URL.
+// Aliased to the existing OPENTRUST_PLUGIN_* constants so the ported files
+// run unmodified.
+define('OPENTRUST_FILE', OPENTRUST_PLUGIN_FILE);
+define('OPENTRUST_URL', OPENTRUST_PLUGIN_URL);
+
require_once OPENTRUST_PLUGIN_DIR . 'includes/class-opentrust.php';
require_once OPENTRUST_PLUGIN_DIR . 'includes/class-opentrust-admin.php';
require_once OPENTRUST_PLUGIN_DIR . 'includes/class-opentrust-admin-settings.php';
@@ -38,6 +46,12 @@
require_once OPENTRUST_PLUGIN_DIR . 'includes/class-opentrust-io.php';
require_once OPENTRUST_PLUGIN_DIR . 'includes/class-opentrust-admin-tools.php';
+// Ettic shared admin design system. Footer.php renders the branded footer
+// used across every OpenTrust admin screen. Settings.php is the reference
+// implementation of the design system's page shell — not booted by default;
+// the migrated admin classes consume its markup vocabulary directly.
+require_once OPENTRUST_PLUGIN_DIR . 'includes/Admin/Footer.php';
+
// Chat (OTC) — policy chat feature.
require_once OPENTRUST_PLUGIN_DIR . 'includes/class-opentrust-chat-secrets.php';
require_once OPENTRUST_PLUGIN_DIR . 'includes/providers/class-opentrust-chat-provider.php';
From 7f588b3f64a4f6ae2af90b70c9045604caee11a0 Mon Sep 17 00:00:00 2001
From: Nol de Roos <108540791+nolderoos@users.noreply.github.com>
Date: Mon, 11 May 2026 13:39:40 +0200
Subject: [PATCH 02/11] apply design system chrome to settings page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Wraps OpenTrust_Admin_Settings::render_settings_page() in .opentrust-admin
and emits the shared template's dark topbar + footer:
- Topbar bar: brand mark (OpenTrust shield, 26x26 white-on-blue), version
pill, dirty-changes counter (data-dirty), Discard + Save buttons. Save
carries form="opentrust-settings-form" so it submits the active tab's
Settings API form from outside it. Discard reloads.
- Topbar head: page title + one-paragraph description; "View Trust Center"
link moves into the topbar as a ghost-dark button.
- Tabbar (NEW component, OpenTrust-only): the 4 tabs render as a light
strip BELOW the topbar instead of inside it. The shared template's "no
tabs in topbar" invariant assumes plugins use WP submenus for section
nav; OpenTrust's ?tab=... URLs are user-bookmarkable so we keep them
and style them as a separate component. Marked clearly in the CSS as
not-for-upstream-extraction.
- Footer: \OpenTrust\Admin\Footer::render() at the bottom of every tab.
- AI tab "Live" pill: re-themed as .opentrust-tabbar__badge (replaces the
inline-styled .ot-pill--live).
General + Contact forms now have id="opentrust-settings-form" so the
topbar Save submits them. The per-tab submit_button() is dropped. On the
AI + IO tabs the Save/Discard buttons aren't rendered (they have bespoke
admin-post forms that wire up in their respective migration commits).
class-opentrust-admin.php enqueues opentrust-admin.css/js as a separate
handle (opentrust-admin-ds) on plugin pages only, never on CPT meta-box
screens. Existing admin.css/admin.js stay loaded for the CPT screens.
Field markup inside the forms is untouched — that migrates per-tab in
commits 3-7. Mid-migration the WP-native form-table rows will look a bit
out of place inside the design-system wrap; that's expected.
---
assets/css/opentrust-admin.css | 75 ++++++++++
includes/class-opentrust-admin-settings.php | 144 ++++++++++++--------
includes/class-opentrust-admin.php | 23 ++++
3 files changed, 187 insertions(+), 55 deletions(-)
diff --git a/assets/css/opentrust-admin.css b/assets/css/opentrust-admin.css
index 715e1e9..154bd1d 100644
--- a/assets/css/opentrust-admin.css
+++ b/assets/css/opentrust-admin.css
@@ -1363,3 +1363,78 @@ body > .opentrust-modal-backdrop.is-leaving { animation: opentrust-backdrop-out
color: var(--ettic-border-hi);
user-select: none;
}
+
+/* ----------------------------------------------------------------------- *
+ * OpenTrust-only extension: tabbar strip below the topbar. *
+ * *
+ * The shared Ettic template forbids horizontal tabs INSIDE the dark *
+ * topbar — OpenTrust's 4-tab settings page predates that invariant and *
+ * users have bookmarked the ?tab=... URLs. This component renders the *
+ * tabs as a separate, lighter strip BELOW the topbar so the design *
+ * system's chrome stays clean while the existing URLs keep working. *
+ * *
+ * Not part of the shared design system. Do not extract upstream without *
+ * first resolving whether multi-page plugins should always use WP *
+ * submenus instead of tabs. *
+ * ----------------------------------------------------------------------- */
+
+.opentrust-admin .opentrust-tabbar {
+ display: flex;
+ flex-wrap: wrap;
+ gap: 4px;
+ align-items: stretch;
+ margin: -8px 0 18px;
+ padding: 0 4px;
+ border-bottom: 1px solid var(--ettic-border);
+}
+
+.opentrust-admin .opentrust-tabbar__tab {
+ position: relative;
+ display: inline-flex;
+ align-items: center;
+ gap: 8px;
+ padding: 9px 14px 11px;
+ margin-bottom: -1px;
+ color: var(--tx-muted);
+ font-size: 13.5px;
+ font-weight: 500;
+ line-height: 1.2;
+ text-decoration: none;
+ border: 1px solid transparent;
+ border-bottom: 2px solid transparent;
+ border-radius: var(--r-sm) var(--r-sm) 0 0;
+ transition: color 120ms ease, border-color 120ms ease, background 120ms ease;
+}
+
+.opentrust-admin .opentrust-tabbar__tab:hover,
+.opentrust-admin .opentrust-tabbar__tab:focus-visible {
+ color: var(--tx-strong);
+ background: var(--ettic-surface-2);
+ text-decoration: none;
+ outline: none;
+}
+
+.opentrust-admin .opentrust-tabbar__tab.is-active {
+ color: var(--ettic-blue);
+ border-bottom-color: var(--ettic-blue);
+ background: transparent;
+}
+
+.opentrust-admin .opentrust-tabbar__tab.is-active:hover {
+ background: transparent;
+}
+
+.opentrust-admin .opentrust-tabbar__badge {
+ display: inline-flex;
+ align-items: center;
+ height: 18px;
+ padding: 0 7px;
+ font-size: 10.5px;
+ font-weight: 600;
+ letter-spacing: 0.02em;
+ text-transform: uppercase;
+ color: #166534;
+ background: #dcfce7;
+ border-radius: 9px;
+ line-height: 1;
+}
diff --git a/includes/class-opentrust-admin-settings.php b/includes/class-opentrust-admin-settings.php
index bcefda6..35a6753 100644
--- a/includes/class-opentrust-admin-settings.php
+++ b/includes/class-opentrust-admin-settings.php
@@ -568,63 +568,97 @@ public function render_settings_page(): void {
$tab = 'general';
}
$base_url = admin_url('admin.php?page=opentrust');
+
+ // General + Contact are Settings-API-saveable. AI + IO have their own
+ // bespoke forms (admin-post handlers / sub-forms) and don't wire into
+ // the topbar Save until their respective migration commits.
+ $has_settings_form = in_array($tab, ['general', 'contact'], true);
+ $tabs = [
+ 'general' => ['label' => __('General', 'opentrust'), 'url' => $base_url],
+ 'contact' => ['label' => __('Contact', 'opentrust'), 'url' => add_query_arg('tab', 'contact', $base_url)],
+ 'ai' => ['label' => __('AI Chat', 'opentrust'), 'url' => add_query_arg('tab', 'ai', $base_url)],
+ 'io' => ['label' => __('Import & Export', 'opentrust'), 'url' => add_query_arg('tab', 'io', $base_url)],
+ ];
?>
-
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
- - → - -
- -
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+ render_tab(); ?>
+
+ render_ai_tab($settings); ?>
+
+
+
+
+
+
+
+
id, 'toplevel_page_opentrust')
+ || str_starts_with($screen->id, 'opentrust_page_');
+
+ if ($is_plugin_page) {
+ wp_enqueue_style(
+ 'opentrust-admin-ds',
+ OPENTRUST_PLUGIN_URL . 'assets/css/opentrust-admin.css',
+ [],
+ OPENTRUST_VERSION
+ );
+ wp_enqueue_script(
+ 'opentrust-admin-ds',
+ OPENTRUST_PLUGIN_URL . 'assets/js/opentrust-admin.js',
+ [],
+ OPENTRUST_VERSION,
+ true
+ );
+ }
+
// Localize the handful of admin strings that admin.js renders directly
// (e.g. wp.media modal titles). Catalog-screen strings are shipped
// separately below via window.OpenTrustCatalog.
From 82745baa52fbda500d6352d1f031fc726c3e8d12 Mon Sep 17 00:00:00 2001
From: Nol de Roos <108540791+nolderoos@users.noreply.github.com>
Date: Mon, 11 May 2026 13:44:03 +0200
Subject: [PATCH 03/11] migrate General tab fields to design system rows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replaces do_settings_sections('opentrust-settings-general') with a
manual render that emits .opentrust-block + .opentrust-card + .opentrust-row
markup. The register_setting + sanitize cascade are untouched — only the
render side moves to design-system markup.
Sections:
- General → endpoint slug, page title, company name, tagline
- Branding → logo + avatar via .opentrust-media (template's wp.media wiring
via [data-opentrust-media-picker], replacing the legacy data-ot-media-*
bindings for these two fields), accent color via .opentrust-color (native
swatch + hex pair, the existing contrast-warning widget hangs beneath as
a .opentrust-row__control--stack child), credit toggle
- Visible Sections → six chip toggles (.opentrust-chip with the template's
:has(:checked) selector, no JS needed)
Color picker:
- Drops wp-color-picker for the accent field (existing $('.ot-color-picker')
init now finds nothing — kept in admin.js for commit 9 cleanup since
removing the wp-color-picker dep also requires unhooking the style/script
enqueue in class-opentrust-admin.php, out of scope here).
- admin.js accent-warning code now binds to the design system's hex text
input via `input` events. opentrust-admin.js already syncs swatch→text on
input, so swatch picks and direct hex typing both reach updateAccentWarning.
The legacy add_settings_section('opentrust_general'...) + opentrust_branding
+ opentrust_sections registrations stay in register_settings(). They no
longer render because do_settings_sections is gone, but they're harmless
and removing them is bundled into the commit 9 cleanup once Contact + AI
tabs have also migrated and the old render_*_field methods can be deleted
in one sweep.
PHPStan level 5 clean.
---
assets/js/admin.js | 37 ++--
includes/class-opentrust-admin-settings.php | 226 +++++++++++++++++++-
2 files changed, 240 insertions(+), 23 deletions(-)
diff --git a/assets/js/admin.js b/assets/js/admin.js
index 93f1d65..d0e5529 100644
--- a/assets/js/admin.js
+++ b/assets/js/admin.js
@@ -145,25 +145,23 @@
}
$(function () {
- // ── Colour picker ──────────────────────────
- var $accentInput = $('#opentrust_accent_color');
- var $forceExact = $('#opentrust_accent_force_exact');
+ // ── Accent contrast warning ────────────────
+ // Bound to native input events on the design system's hex text input
+ // (#opentrust_accent_color). The template's initColorPickers in
+ // opentrust-admin.js already syncs the swatch to
+ // the hex text input via `input` events, so listening here catches
+ // both swatch picks and direct hex typing.
+ var $accentInput = $('#opentrust_accent_color');
+ var $forceExact = $('#opentrust_accent_force_exact');
var $accentWarning = $('#opentrust-accent-warning');
- $('.ot-color-picker').wpColorPicker({
- change: function (event, ui) {
- // wpColorPicker fires `change` before the input is updated,
- // so defer a tick before reading the value.
- setTimeout(function () {
- updateAccentWarning(ui.color.toString());
- }, 0);
- },
- clear: function () {
- setTimeout(function () {
- updateAccentWarning($accentInput.val());
- }, 0);
- }
- });
+ if ($accentInput.length) {
+ $accentInput.on('input', function () {
+ updateAccentWarning($accentInput.val());
+ });
+ // Initial check on page load.
+ updateAccentWarning($accentInput.val());
+ }
// Live-toggle the override class so the warning tone updates without
// a page reload. The actual clamping still happens server-side — the
@@ -172,11 +170,6 @@
$accentWarning.toggleClass('ot-accent-warning--override', this.checked);
});
- // Initial check on page load.
- if ($accentInput.length) {
- updateAccentWarning($accentInput.val());
- }
-
// ── Media uploader (logo + avatar) ─────────
$('[data-ot-media-field]').each(function () {
var $field = $(this);
diff --git a/includes/class-opentrust-admin-settings.php b/includes/class-opentrust-admin-settings.php
index 35a6753..e0793e7 100644
--- a/includes/class-opentrust-admin-settings.php
+++ b/includes/class-opentrust-admin-settings.php
@@ -338,6 +338,230 @@ public function render_sections_field(array $args): void {
}
}
+ // ──────────────────────────────────────────────
+ // Design-system field renderers
+ // ──────────────────────────────────────────────
+ //
+ // These emit the shared Ettic admin design system row markup directly,
+ // bypassing do_settings_sections(). The Settings API registration in
+ // register_settings() (above) is what `settings_fields()` reads for the
+ // nonce + option_page hidden inputs — that wiring stays unchanged.
+ // add_settings_section/field calls for migrated tabs remain registered
+ // but un-rendered; commit cleanup removes them once all tabs migrate.
+
+ private function ds_render_section_general(): void {
+ $settings = OpenTrust::get_settings();
+ ?>
+
+
+
+
+
+
+ ds_row_text('endpoint_slug', __('Endpoint Slug', 'opentrust'), (string) ($settings['endpoint_slug'] ?? ''), __('The URL path for your trust center (e.g. "trust-center" = yoursite.com/trust-center/).', 'opentrust')); ?>
+ ds_row_text('page_title', __('Page Title', 'opentrust'), (string) ($settings['page_title'] ?? '')); ?>
+ ds_row_text('company_name', __('Company Name', 'opentrust'), (string) ($settings['company_name'] ?? '')); ?>
+ ds_row_textarea('tagline', __('Tagline', 'opentrust'), (string) ($settings['tagline'] ?? ''), __('A short description displayed below the company name in the hero.', 'opentrust')); ?>
+
+
+
+
+
+
+
+
+
+ ds_row_media('logo_id', __('Logo', 'opentrust'), (int) ($settings['logo_id'] ?? 0), __('Used in the hero and sticky nav. A white version is recommended — it sits on a dark background.', 'opentrust')); ?>
+ ds_row_media('avatar_id', __('AI Avatar', 'opentrust'), (int) ($settings['avatar_id'] ?? 0), __('Square image used as the avatar on AI chat responses. A colored background with a light/dark mark on top works well.', 'opentrust')); ?>
+ ds_row_accent_color($settings); ?>
+ ds_row_toggle('show_powered_by', __('Credit Link', 'opentrust'), !empty($settings['show_powered_by']), __('Show a "Powered by OpenTrust" credit in the trust center footer. Off by default — public credits are opt-in.', 'opentrust')); ?>
+
+
+
+
+
+
+
+
+
+ ds_row_sections((array) ($settings['sections_visible'] ?? [])); ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ; ?>)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ __('Certifications & Compliance', 'opentrust'),
+ 'policies' => __('Policies', 'opentrust'),
+ 'subprocessors' => __('Subprocessors', 'opentrust'),
+ 'data_practices' => __('Data Practices', 'opentrust'),
+ 'faqs' => __('FAQs', 'opentrust'),
+ 'contact' => __('Contact & DPO', 'opentrust'),
+ ];
+ ?>
+
+
+
+
+
+
+
+ $label): ?>
+
+
+
+
+
+
+ ';
- do_settings_sections('opentrust-settings-general');
+ $this->ds_render_section_general();
?>
From d5ecde1685e4e9f679e0afa6e3db9b6f8e24af6f Mon Sep 17 00:00:00 2001
From: Nol de Roos <108540791+nolderoos@users.noreply.github.com>
Date: Mon, 11 May 2026 13:44:55 +0200
Subject: [PATCH 04/11] migrate Contact tab fields to design system rows
Replaces do_settings_sections('opentrust-settings-contact') with a manual
ds_render_section_contact() emitting .opentrust-block + .opentrust-card +
.opentrust-row markup. Same pattern as the General tab migration in the
previous commit.
Adds ds_row_text_typed() for email/url inputs so the native HTML5 type
flows through (mobile keyboards, inline validation, autofill hints) while
the row shell stays consistent with ds_row_text().
The legacy register_settings() entries for the Contact tab stay registered
but un-rendered; they get pruned together with the other un-used Settings
API registrations once AI + IO tabs have also migrated.
PHPStan level 5 clean.
---
includes/class-opentrust-admin-settings.php | 51 ++++++++++++++++++++-
1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/includes/class-opentrust-admin-settings.php b/includes/class-opentrust-admin-settings.php
index e0793e7..2ac3963 100644
--- a/includes/class-opentrust-admin-settings.php
+++ b/includes/class-opentrust-admin-settings.php
@@ -390,6 +390,55 @@ private function ds_render_section_general(): void {
+
+
+
+
+
+
+ ds_row_textarea('company_description', __('Company Description', 'opentrust'), (string) ($settings['company_description'] ?? ''), __('Two or three sentences describing what the company does. Rendered under the "Get in touch" section title.', 'opentrust')); ?>
+ ds_row_text('dpo_name', __('DPO Name', 'opentrust'), (string) ($settings['dpo_name'] ?? ''), __('Data Protection Officer name. Required under GDPR for many organisations.', 'opentrust')); ?>
+ ds_row_text_typed('dpo_email', __('DPO Email', 'opentrust'), (string) ($settings['dpo_email'] ?? ''), 'email', __('Dedicated DPO mailbox. Rendered as a mailto link.', 'opentrust')); ?>
+ ds_row_text_typed('security_email', __('Security Contact Email', 'opentrust'), (string) ($settings['security_email'] ?? ''), 'email', __('For vulnerability reports and security questions. Often separate from the DPO.', 'opentrust')); ?>
+ ds_row_text_typed('contact_form_url', __('Contact Form URL', 'opentrust'), (string) ($settings['contact_form_url'] ?? ''), 'url', __('Optional link to a gated contact form.', 'opentrust')); ?>
+ ds_row_textarea('contact_address', __('Mailing Address', 'opentrust'), (string) ($settings['contact_address'] ?? ''), __('Postal address for formal GDPR / legal notices.', 'opentrust')); ?>
+ ds_row_text_typed('pgp_key_url', __('PGP Public Key URL', 'opentrust'), (string) ($settings['pgp_key_url'] ?? ''), 'url', __("Optional link to your security team's PGP public key.", 'opentrust')); ?>
+ ds_row_text('company_registration', __('Company Registration Number', 'opentrust'), (string) ($settings['company_registration'] ?? ''), __('KvK (NL), Companies House (UK), Handelsregister (DE), EIN (US), or equivalent business registration.', 'opentrust')); ?>
+ ds_row_text('vat_number', __('VAT / Tax ID', 'opentrust'), (string) ($settings['vat_number'] ?? ''), __('VAT number, sales-tax ID, or equivalent international tax identifier.', 'opentrust')); ?>
+
+
+ ' placeholder="https://" inputmode="url" autocomplete="off"',
+ 'email' => ' autocomplete="off"',
+ default => '',
+ };
+ ?>
+
+
+
+
+
+
+
+
+ >
+
+
+
@@ -868,7 +917,7 @@ class="opentrust-tabbar__tab';
- do_settings_sections('opentrust-settings-contact');
+ $this->ds_render_section_contact();
?>
From 3e4ae27688427817eaba4dbc6574fd41078ba83b Mon Sep 17 00:00:00 2001
From: Nol de Roos <108540791+nolderoos@users.noreply.github.com>
Date: Mon, 11 May 2026 13:50:09 +0200
Subject: [PATCH 05/11] migrate AI Chat tab to design system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rewrites OpenTrust_Admin_AI::render_ai_tab(), the provider picker, the
provider cards, and the main AI settings form to emit design-system
markup. All admin-post handlers (key save/forget/refresh, summary sweep)
stay untouched.
- render_ai_tab() now wraps the intro + rationale in an .opentrust-block
with a card containing an .opentrust-disclosure (new component — see
the CSS extension block).
- Transient notices switch from WP-native .notice to .opentrust-notice
variants (success/error/warn/info) via a shared ds_notice() helper.
- Summary backfill banner: .opentrust-notice--warn with an embedded
admin-post form in .opentrust-notice__actions, primary ghost button.
- Non-anthropic active warning: .opentrust-notice--warn.
- Provider picker: .opentrust-block headed "Step 1 — Connect Anthropic",
primary card uses .opentrust-card + .opentrust-ai-card--primary
variant. Advanced disclosure wraps the existing flat grid of
.opentrust-ai-card--advanced cards.
- Provider card: same content (title/badge/keylink/saved-state/form)
but emits design-system input + button classes, and the saved-state
✓ icon becomes a structured .opentrust-ai-card__check pill matching
the design language.
- AI settings form: id="opentrust-settings-form" so the topbar Save in
the wrap submits it. submit_button() dropped. The table.form-table
becomes two .opentrust-block sections: "Step 2 — Model & defaults"
(model + budgets + rate limits + max-msg + contact URL + three
toggles) and "Anti-abuse — Cloudflare Turnstile" (toggle + site key
+ secret key with masked-bullet placeholder for the encrypted blob).
- AI tab is now treated as has_settings_form so the topbar Save +
Discard render. The opentrust-admin.js dirty tracker prefers the form
the Save button is wired to (via HTML5 form="..." attribute) instead
of just .opentrust-admin form, so the AI tab's many sub-forms (key
save, refresh, forget) don't confuse the dirty tracker.
- Oversized-policies warning becomes an .opentrust-notice--error with a
.opentrust-notice__list bullet list.
CSS additions appended to opentrust-admin.css under an OpenTrust-only
extensions block: .opentrust-disclosure, .opentrust-ai-card variants,
.opentrust-ai-advanced__grid, .opentrust-ai-model-row, .opentrust-row__unit,
.opentrust-field-msg--success, .opentrust-notice__list, .opentrust-notice__actions.
Local ds_row_number() and ds_row_toggle() helpers live in
OpenTrust_Admin_AI because OpenTrust_Admin_Settings::ds_row_* are
private. Lifting them into a shared helper class can happen alongside
the Settings API registrations cleanup in commit 9.
PHPStan level 5 clean.
---
assets/css/opentrust-admin.css | 209 +++++++
assets/js/opentrust-admin.js | 9 +-
includes/class-opentrust-admin-ai.php | 628 ++++++++++----------
includes/class-opentrust-admin-settings.php | 8 +-
4 files changed, 547 insertions(+), 307 deletions(-)
diff --git a/assets/css/opentrust-admin.css b/assets/css/opentrust-admin.css
index 154bd1d..84f0f65 100644
--- a/assets/css/opentrust-admin.css
+++ b/assets/css/opentrust-admin.css
@@ -1438,3 +1438,212 @@ body > .opentrust-modal-backdrop.is-leaving { animation: opentrust-backdrop-out
border-radius: 9px;
line-height: 1;
}
+
+/* ----------------------------------------------------------------------- *
+ * OpenTrust-only extensions: AI tab atoms. *
+ * *
+ * Provider cards (full-width primary card, side-by-side advanced grid), *
+ * disclosure () styling, the model row that pairs the select *
+ * with the Refresh button, and a couple of small utilities used by AI/ *
+ * Contact rows (unit suffix, success field-msg, notice list/actions). *
+ * *
+ * Not part of the shared design system. Extracted with the AI tab if/ *
+ * when the template gains a provider-card primitive. *
+ * ----------------------------------------------------------------------- */
+
+/* Disclosure () inside a card or block */
+.opentrust-admin .opentrust-disclosure {
+ border: 1px solid var(--ettic-border);
+ border-radius: var(--r-md);
+ background: #fff;
+}
+
+.opentrust-admin .opentrust-card > .opentrust-disclosure {
+ border: 0;
+ border-radius: 0;
+ background: transparent;
+}
+
+.opentrust-admin .opentrust-disclosure > summary {
+ cursor: pointer;
+ padding: 12px 14px;
+ font-weight: 600;
+ color: var(--tx-strong);
+ font-size: 13.5px;
+ list-style: none;
+ user-select: none;
+ transition: background 120ms ease;
+}
+
+.opentrust-admin .opentrust-disclosure > summary::-webkit-details-marker { display: none; }
+
+.opentrust-admin .opentrust-disclosure > summary::before {
+ content: "▸";
+ display: inline-block;
+ width: 14px;
+ color: var(--tx-muted);
+ transition: transform 140ms ease;
+}
+
+.opentrust-admin .opentrust-disclosure[open] > summary::before { transform: rotate(90deg); }
+
+.opentrust-admin .opentrust-disclosure > summary:hover { background: var(--ettic-surface-2); }
+
+.opentrust-admin .opentrust-disclosure__body {
+ padding: 4px 14px 14px;
+ color: var(--tx-body);
+}
+
+.opentrust-admin .opentrust-disclosure__body > p {
+ margin: 0 0 10px;
+ line-height: 1.55;
+}
+
+.opentrust-admin .opentrust-disclosure__body > p:last-child { margin-bottom: 0; }
+
+/* AI provider card */
+.opentrust-admin .opentrust-ai-card { padding: 16px 18px; }
+
+.opentrust-admin .opentrust-ai-card--primary {
+ margin-top: 14px;
+ border-color: var(--ettic-blue);
+ box-shadow: 0 1px 2px rgba(15,92,250,0.06);
+}
+
+.opentrust-admin .opentrust-ai-card__header {
+ display: flex;
+ align-items: center;
+ justify-content: space-between;
+ gap: 10px;
+ margin-bottom: 6px;
+}
+
+.opentrust-admin .opentrust-ai-card__title {
+ margin: 0;
+ font-size: 15px;
+ font-weight: 600;
+ color: var(--tx-strong);
+}
+
+.opentrust-admin .opentrust-ai-card__badge {
+ display: inline-flex;
+ align-items: center;
+ height: 22px;
+ padding: 0 10px;
+ font-size: 11px;
+ font-weight: 600;
+ letter-spacing: 0.02em;
+ color: var(--ettic-blue);
+ background: var(--ettic-blue-soft);
+ border-radius: 11px;
+ line-height: 1;
+}
+
+.opentrust-admin .opentrust-ai-card__description {
+ margin: 4px 0 10px;
+ color: var(--tx-body);
+ line-height: 1.55;
+}
+
+.opentrust-admin .opentrust-ai-card__keylink {
+ margin: 0 0 14px;
+ font-size: 13px;
+}
+
+.opentrust-admin .opentrust-ai-card__saved {
+ display: inline-flex;
+ align-items: center;
+ gap: 7px;
+ padding: 6px 12px;
+ margin: 0 0 10px;
+ background: #ECF9F1;
+ border: 1px solid #B6E5C9;
+ color: #1B5E36;
+ border-radius: var(--r-sm);
+ font-size: 13px;
+}
+
+.opentrust-admin .opentrust-ai-card__check {
+ display: inline-flex;
+ align-items: center;
+ justify-content: center;
+ width: 14px;
+ height: 14px;
+ border-radius: 50%;
+ background: #1B8E45;
+ color: #fff;
+}
+
+.opentrust-admin .opentrust-ai-card__check svg { width: 9px; height: 9px; }
+
+.opentrust-admin .opentrust-ai-card__saved code {
+ background: transparent;
+ color: inherit;
+ font-size: 12.5px;
+}
+
+.opentrust-admin .opentrust-ai-card__form {
+ display: flex;
+ flex-wrap: wrap;
+ align-items: center;
+ gap: 8px;
+}
+
+.opentrust-admin .opentrust-ai-card__form .opentrust-input { flex: 1 1 260px; min-width: 0; }
+
+/* Advanced provider grid */
+.opentrust-admin .opentrust-ai-advanced__grid {
+ display: grid;
+ grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
+ gap: 14px;
+ margin-top: 8px;
+}
+
+.opentrust-admin .opentrust-ai-card--advanced { padding: 14px 16px; }
+.opentrust-admin .opentrust-ai-card--advanced .opentrust-ai-card__title { font-size: 14px; }
+
+/* Model select + refresh button */
+.opentrust-admin .opentrust-ai-model-row {
+ display: flex;
+ flex-wrap: wrap;
+ align-items: center;
+ gap: 8px;
+}
+
+.opentrust-admin .opentrust-ai-model-row .opentrust-select { min-width: 320px; }
+
+/* Generic row helpers */
+.opentrust-admin .opentrust-row__unit {
+ font-size: 13px;
+ color: var(--tx-muted);
+ margin-left: 8px;
+}
+
+/* Field message — success variant (template ships error only) */
+.opentrust-admin .opentrust-field-msg--success { color: #1B5E36; }
+
+/* Notice — list + action-row variants used by AI tab banners */
+.opentrust-admin .opentrust-notice__list {
+ margin: 6px 0 0 18px;
+ padding: 0;
+ list-style: disc;
+}
+
+.opentrust-admin .opentrust-notice__list li {
+ margin: 2px 0;
+}
+
+.opentrust-admin .opentrust-notice__actions {
+ display: flex;
+ flex-wrap: wrap;
+ gap: 8px;
+ margin-top: 10px;
+}
+
+/* Default inside notice body styled like a title */
+.opentrust-admin .opentrust-notice__body > strong {
+ display: block;
+ font-weight: 600;
+ margin: 0 0 2px;
+ font-size: 13.5px;
+}
diff --git a/assets/js/opentrust-admin.js b/assets/js/opentrust-admin.js
index 4c80055..7ed96e7 100644
--- a/assets/js/opentrust-admin.js
+++ b/assets/js/opentrust-admin.js
@@ -140,7 +140,14 @@
labelEl = document.querySelector( '[data-dirty-label]' );
saveBtn = document.querySelector( '[data-save]' );
discardBtn = document.querySelector( '[data-discard]' );
- form = document.querySelector( '.opentrust-admin form' );
+ // Prefer the form the topbar Save is wired to (HTML5 `form="..."` attr,
+ // which points at the active tab's Settings API form on multi-form
+ // screens like AI Chat). Fall back to the first form inside the wrap.
+ var saveTargetId = saveBtn ? saveBtn.getAttribute( 'form' ) : null;
+ form = saveTargetId ? document.getElementById( saveTargetId ) : null;
+ if ( ! form ) {
+ form = document.querySelector( '.opentrust-admin form' );
+ }
if ( ! dirtyEl || ! saveBtn || ! form ) {
return;
}
diff --git a/includes/class-opentrust-admin-ai.php b/includes/class-opentrust-admin-ai.php
index c7add98..0439695 100644
--- a/includes/class-opentrust-admin-ai.php
+++ b/includes/class-opentrust-admin-ai.php
@@ -50,69 +50,70 @@ public function render_ai_tab(array $settings): void {
$has_active_key = $active_provider !== '' && isset($stored_keys[$active_provider]);
$is_non_anthropic_active = $has_active_key && $active_provider !== 'anthropic';
- // Surface any transient notice from the admin-post handlers.
+ // Transient notice from the admin-post handlers.
$notice = get_transient('opentrust_ai_notice_' . get_current_user_id());
if (is_array($notice)) {
delete_transient('opentrust_ai_notice_' . get_current_user_id());
- $class = $notice['type'] === 'error' ? 'notice-error' : 'notice-success';
- printf(
- '%s
',
- esc_attr($class),
- esc_html((string) $notice['message'])
- );
+ $variant = $notice['type'] === 'error' ? 'error' : 'success';
+ $this->ds_notice($variant, (string) ($notice['message'] ?? ''));
}
$this->render_summary_backfill_banner($settings, $has_active_key);
- ?>
-
-
-
-
- ' . esc_html(ucfirst($active_provider)) . '' // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
- );
- ?>
-
-
-
-
-
- Anthropic Claude with the native Citations API
to answer visitor questions about your trust center. Every claim the assistant makes is tied to an exact quote from one of your published documents — so no policy text is invented and nothing is paraphrased into something you did not actually publish.', 'opentrust'),
- ['strong' => []]
+ if ($is_non_anthropic_active):
+ $intro = sprintf(
+ /* translators: %s: provider label, e.g. OpenAI */
+ __('You are currently using %s. Only Anthropic uses a structural Citations API — every other provider relies on prompted citation tags the model can ignore or fabricate. For a published trust center, switch to Anthropic below.', 'opentrust'),
+ ucfirst($active_provider)
);
?>
-
+
+
+
+
+
+
+
-
-
-
+
+
+
compliance surface. If the assistant invents a security commitment you never made, that is not a UX papercut — it is a misrepresentation of your security posture, and your customers and auditors will hold you to it.', 'opentrust'),
+ __('OpenTrust uses Anthropic Claude with the native Citations API to answer visitor questions about your trust center. Every claim the assistant makes is tied to an exact quote from one of your published documents — no policy text is invented, nothing is paraphrased into something you did not publish.', 'opentrust'),
['strong' => []]
);
?>
-
- only major provider that exposes a structural Citations API. Documents are sent as typed blocks and the model emits citations as first-class events containing the exact source document and the exact quoted text. The model literally cannot return a citation for text that is not in your source documents.', 'opentrust'),
- ['strong' => []]
- );
- ?>
-
-
-
-
+
+
+
+
+
+
+ compliance surface. If the assistant invents a security commitment you never made, that is not a UX papercut — it is a misrepresentation of your security posture, and your customers and auditors will hold you to it.', 'opentrust'),
+ ['strong' => []]
+ );
+ ?>
+
+
+ only major provider that exposes a structural Citations API. Documents are sent as typed blocks and the model emits citations as first-class events containing the exact source document and the exact quoted text. The model literally cannot return a citation for text that is not in your source documents.', 'opentrust'),
+ ['strong' => []]
+ );
+ ?>
+
+
+
+
+
+
-
+
render_ai_provider_picker($settings, $stored_keys); ?>
@@ -122,6 +123,24 @@ public function render_ai_tab(array $settings): void {
+
+
+
+
+
+
+
+
+
@@ -140,32 +159,27 @@ private function render_summary_backfill_banner(array $settings, bool $has_activ
if ($missing < 1) {
return;
}
+ $heading = sprintf(
+ /* translators: %d is the number of policies missing AI summaries. */
+ _n(
+ '%d policy is missing an AI summary.',
+ '%d policies are missing AI summaries.',
+ $missing,
+ 'opentrust'
+ ),
+ (int) $missing
+ );
?>
-
-
-
-
-
-
-
-
+
+
+
+
+
+
' . esc_html__('Choose a provider and add your key', 'opentrust') . '';
- echo '';
- foreach ($providers as $provider) {
- $this->render_provider_card($provider, $stored_keys, $active_provider, 'advanced');
- }
- echo '';
+ ?>
+
+
+
+
+
+
+
+ render_provider_card($provider, $stored_keys, $active_provider, 'advanced'); ?>
+
+
+
+
-
-
- render_provider_card($primary, $stored_keys, $active_provider, 'primary'); ?>
-
-
- >
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- render_provider_card($provider, $stored_keys, $active_provider, 'advanced'); ?>
-
-
-
-
+
+
+
+
+
+ render_provider_card($primary, $stored_keys, $active_provider, 'primary'); ?>
+
+
+ >
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ render_provider_card($provider, $stored_keys, $active_provider, 'advanced'); ?>
+
+
+
+
+
+
-
-
+
+
-
+
-
+
-
+
-
- ✓
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ✓
-
-
-
-
-
-
-
+
+
+
+
+
+
+ ds_row_toggle('ai_turnstile_enabled', __('Enable Turnstile for chat', 'opentrust'), !empty($settings['ai_turnstile_enabled']), __('Require Turnstile verification on first chat message.', 'opentrust')); ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ['label' => __('General', 'opentrust'), 'url' => $base_url],
'contact' => ['label' => __('Contact', 'opentrust'), 'url' => add_query_arg('tab', 'contact', $base_url)],
From 006cb2ba70a67e7ca5a66e35e256f00581de401b Mon Sep 17 00:00:00 2001
From: Nol de Roos <108540791+nolderoos@users.noreply.github.com>
Date: Mon, 11 May 2026 13:52:38 +0200
Subject: [PATCH 06/11] migrate Questions log screen to design system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenTrust_Admin_Questions::render_page() now wraps in .opentrust-admin
with the dark topbar (brand mark + version + back-to-AI-settings link +
View Trust Center link), no Save (read-only screen), the topbar__head
title block, an .opentrust-stack of section blocks, and the shared
\OpenTrust\Admin\Footer at the bottom.
Each surface on the page is rebuilt with design-system markup:
- Logging on/off banner → .opentrust-notice--success or --warn with an
inline toggle action in .opentrust-notice__actions.
- Filter form → .opentrust-block + .opentrust-card with a new
.opentrust-filterbar layout (label-above-input columns + grouped
actions on the right). Inputs and select use design system classes.
- Log table → .opentrust-card--flush (new variant — drops card padding
so the table can span edges) containing a token-styled
.opentrust-log-table. Refused rows highlight in warn tones; meta
columns use mono, tabular-nums, and muted text.
- Pagination → paginate_links() output restyled inside
.opentrust-log-table__pagination (rounded chip per page, blue
active, gray dots).
- Danger zone → .opentrust-action-row inside a card with a
.opentrust-btn--danger Clear button (kept the same confirm() flow).
CSS additions (Questions-only extensions block in opentrust-admin.css):
.opentrust-card--flush, .opentrust-filterbar*, .opentrust-log-table*,
plus the pagination styling that overrides paginate_links()'s defaults.
Logic is unchanged — same filter handling, same query, same export /
clear / toggle-logging admin-post handlers.
PHPStan level 5 clean.
---
assets/css/opentrust-admin.css | 125 +++++++
includes/class-opentrust-admin-questions.php | 326 +++++++++++--------
2 files changed, 323 insertions(+), 128 deletions(-)
diff --git a/assets/css/opentrust-admin.css b/assets/css/opentrust-admin.css
index 84f0f65..e0298d9 100644
--- a/assets/css/opentrust-admin.css
+++ b/assets/css/opentrust-admin.css
@@ -1647,3 +1647,128 @@ body > .opentrust-modal-backdrop.is-leaving { animation: opentrust-backdrop-out
margin: 0 0 2px;
font-size: 13.5px;
}
+
+/* ----------------------------------------------------------------------- *
+ * OpenTrust-only extensions: Questions log screen. *
+ * *
+ * Filter toolbar (label-above-input columns + an actions group), a *
+ * lightweight log table styled with design tokens, and a flush card *
+ * variant that lets the table span the card edge-to-edge. *
+ * ----------------------------------------------------------------------- */
+
+/* Flush card: drops the padding so a table or media block can span edges */
+.opentrust-admin .opentrust-card--flush { padding: 0; overflow: hidden; }
+
+/* Filter toolbar */
+.opentrust-admin .opentrust-filterbar {
+ display: flex;
+ flex-wrap: wrap;
+ gap: 10px 14px;
+ align-items: flex-end;
+}
+
+.opentrust-admin .opentrust-filterbar__field { display: flex; flex-direction: column; gap: 4px; min-width: 0; }
+.opentrust-admin .opentrust-filterbar__field label {
+ font-size: 11px;
+ font-weight: 600;
+ color: var(--tx-muted);
+ letter-spacing: 0.04em;
+ text-transform: uppercase;
+}
+
+.opentrust-admin .opentrust-filterbar__field input,
+.opentrust-admin .opentrust-filterbar__field .opentrust-select { min-width: 0; }
+
+.opentrust-admin .opentrust-filterbar__actions {
+ display: inline-flex;
+ flex-wrap: wrap;
+ gap: 8px;
+ margin-left: auto;
+}
+
+.opentrust-admin .opentrust-filterbar__export { margin-left: auto; }
+
+/* Log table */
+.opentrust-admin .opentrust-log-table {
+ width: 100%;
+ border-collapse: separate;
+ border-spacing: 0;
+ font-size: 13px;
+ color: var(--tx-body);
+}
+
+.opentrust-admin .opentrust-log-table thead th {
+ padding: 9px 14px;
+ font-size: 11px;
+ font-weight: 600;
+ color: var(--tx-muted);
+ letter-spacing: 0.04em;
+ text-transform: uppercase;
+ text-align: left;
+ background: var(--ettic-surface-2);
+ border-bottom: 1px solid var(--ettic-border);
+ white-space: nowrap;
+}
+
+.opentrust-admin .opentrust-log-table tbody td {
+ padding: 10px 14px;
+ border-bottom: 1px solid var(--ettic-border);
+ vertical-align: top;
+}
+
+.opentrust-admin .opentrust-log-table tbody tr:last-child td { border-bottom: 0; }
+.opentrust-admin .opentrust-log-table tbody tr:nth-child(even) { background: #FBFCFD; }
+.opentrust-admin .opentrust-log-table tbody tr.is-refused { background: #FFF7EC; }
+.opentrust-admin .opentrust-log-table tbody tr.is-refused:nth-child(even) { background: #FFF1DA; }
+
+.opentrust-admin .opentrust-log-table__empty td { text-align: center; color: var(--tx-muted); padding: 24px 14px; }
+
+.opentrust-admin .opentrust-log-table__date { white-space: nowrap; color: var(--tx-muted); font-size: 12.5px; }
+.opentrust-admin .opentrust-log-table__num { text-align: right; width: 64px; font-variant-numeric: tabular-nums; }
+.opentrust-admin .opentrust-log-table__meta { font-size: 12px; color: var(--tx-muted); font-variant-numeric: tabular-nums; white-space: nowrap; }
+.opentrust-admin .opentrust-log-table__model { font-family: var(--ff-mono); font-size: 11.5px; background: transparent; color: var(--tx-muted); padding: 0; }
+
+.opentrust-admin .opentrust-log-table__refused {
+ display: inline-block;
+ padding: 1px 7px;
+ margin-right: 6px;
+ font-size: 10px;
+ font-weight: 700;
+ letter-spacing: 0.04em;
+ text-transform: uppercase;
+ background: var(--warn-bg);
+ color: var(--warn);
+ border-radius: 9px;
+}
+
+/* Pagination — restyle paginate_links() output to fit the design system */
+.opentrust-admin .opentrust-log-table__pagination {
+ display: flex;
+ justify-content: center;
+ gap: 4px;
+ padding: 12px 14px;
+ background: var(--ettic-surface-2);
+ border-top: 1px solid var(--ettic-border);
+ font-size: 13px;
+}
+
+.opentrust-admin .opentrust-log-table__pagination .page-numbers {
+ display: inline-flex;
+ align-items: center;
+ min-width: 28px;
+ height: 28px;
+ padding: 0 9px;
+ border-radius: var(--r-sm);
+ border: 1px solid var(--ettic-border);
+ background: #fff;
+ color: var(--tx-strong);
+ text-decoration: none;
+}
+
+.opentrust-admin .opentrust-log-table__pagination .page-numbers:hover { border-color: var(--ettic-border-hi); color: var(--ettic-blue); }
+.opentrust-admin .opentrust-log-table__pagination .page-numbers.current {
+ background: var(--ettic-blue);
+ border-color: var(--ettic-blue);
+ color: #fff;
+}
+.opentrust-admin .opentrust-log-table__pagination .page-numbers.dots { border: 0; background: transparent; color: var(--tx-quiet); }
diff --git a/includes/class-opentrust-admin-questions.php b/includes/class-opentrust-admin-questions.php
index a8bd6a5..d7feb65 100644
--- a/includes/class-opentrust-admin-questions.php
+++ b/includes/class-opentrust-admin-questions.php
@@ -55,12 +55,14 @@ public function render_page(): void {
];
// phpcs:enable WordPress.Security.NonceVerification.Recommended
- $result = OpenTrust_Chat_Log::query($filters);
- $total = $result['total'];
- $rows = $result['rows'];
- $pages = max(1, (int) ceil($total / $filters['per_page']));
- $models = OpenTrust_Chat_Log::distinct_models();
- $counts = OpenTrust_Chat_Log::total_count();
+ $result = OpenTrust_Chat_Log::query($filters);
+ $total = $result['total'];
+ $rows = $result['rows'];
+ $pages = max(1, (int) ceil($total / $filters['per_page']));
+ $models = OpenTrust_Chat_Log::distinct_models();
+ $counts = OpenTrust_Chat_Log::total_count();
+ $tc_url = home_url('/' . ($settings['endpoint_slug'] ?? OpenTrust::DEFAULT_ENDPOINT_SLUG) . '/');
+ $back_url = admin_url('admin.php?page=opentrust&tab=ai');
$export_url = wp_nonce_url(
admin_url('admin-post.php?action=opentrust_ai_questions_export&' . http_build_query(array_filter($filters + ['paged' => 0]))),
@@ -75,137 +77,205 @@ public function render_page(): void {
'opentrust_ai_toggle_logging'
);
- $notice = get_transient('opentrust_ai_notice_' . get_current_user_id());
- if (is_array($notice)) {
- delete_transient('opentrust_ai_notice_' . get_current_user_id());
- $class = $notice['type'] === 'error' ? 'notice-error' : 'notice-success';
- printf('%s
', esc_attr($class), esc_html((string) $notice['message']));
- }
+ $logging_on = !empty($settings['ai_logging_enabled']);
?>
-
-
-
-
-
-
-
-
+
+ render_tab(); ?>
+
+ render_ai_tab($settings); ?>
+
+
+
+
+
+
+
+
+ ds_row_text('endpoint_slug', __('Endpoint Slug', 'opentrust'), (string) ($settings['endpoint_slug'] ?? ''), __('The URL path for your trust center (e.g. "trust-center" = yoursite.com/trust-center/).', 'opentrust')); ?>
+ ds_row_text('page_title', __('Page Title', 'opentrust'), (string) ($settings['page_title'] ?? '')); ?>
+ ds_row_text('company_name', __('Company Name', 'opentrust'), (string) ($settings['company_name'] ?? '')); ?>
+ ds_row_textarea('tagline', __('Tagline', 'opentrust'), (string) ($settings['tagline'] ?? ''), __('A short description displayed below the company name in the hero.', 'opentrust')); ?>
+
+
+ ds_row_media('logo_id', __('Logo', 'opentrust'), (int) ($settings['logo_id'] ?? 0), __('Used in the hero and sticky nav. A white version is recommended — it sits on a dark background.', 'opentrust')); ?>
+ ds_row_media('avatar_id', __('AI Avatar', 'opentrust'), (int) ($settings['avatar_id'] ?? 0), __('Square image used as the avatar on AI chat responses. A colored background with a light/dark mark on top works well.', 'opentrust')); ?>
+ ds_row_accent_color($settings); ?>
+ ds_row_toggle('show_powered_by', __('Credit Link', 'opentrust'), !empty($settings['show_powered_by']), __('Show a "Powered by OpenTrust" credit in the trust center footer. Off by default — public credits are opt-in.', 'opentrust')); ?>
+
+
+ ds_row_sections((array) ($settings['sections_visible'] ?? [])); ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ + +
++ +
+ +
+
+
+
+ + +
+ + +
+
+
+
+
+
+
+ $label): ?>
+
+
+
+
+
+ ds_row_textarea('company_description', __('Company Description', 'opentrust'), (string) ($settings['company_description'] ?? ''), __('Two or three sentences describing what the company does. Rendered under the "Get in touch" section title.', 'opentrust')); ?>
+ ds_row_text('dpo_name', __('DPO Name', 'opentrust'), (string) ($settings['dpo_name'] ?? ''), __('Data Protection Officer name. Required under GDPR for many organisations.', 'opentrust')); ?>
+ ds_row_text_typed('dpo_email', __('DPO Email', 'opentrust'), (string) ($settings['dpo_email'] ?? ''), 'email', __('Dedicated DPO mailbox. Rendered as a mailto link.', 'opentrust')); ?>
+ ds_row_text_typed('security_email', __('Security Contact Email', 'opentrust'), (string) ($settings['security_email'] ?? ''), 'email', __('For vulnerability reports and security questions. Often separate from the DPO.', 'opentrust')); ?>
+ ds_row_text_typed('contact_form_url', __('Contact Form URL', 'opentrust'), (string) ($settings['contact_form_url'] ?? ''), 'url', __('Optional link to a gated contact form.', 'opentrust')); ?>
+ ds_row_textarea('contact_address', __('Mailing Address', 'opentrust'), (string) ($settings['contact_address'] ?? ''), __('Postal address for formal GDPR / legal notices.', 'opentrust')); ?>
+ ds_row_text_typed('pgp_key_url', __('PGP Public Key URL', 'opentrust'), (string) ($settings['pgp_key_url'] ?? ''), 'url', __("Optional link to your security team's PGP public key.", 'opentrust')); ?>
+ ds_row_text('company_registration', __('Company Registration Number', 'opentrust'), (string) ($settings['company_registration'] ?? ''), __('KvK (NL), Companies House (UK), Handelsregister (DE), EIN (US), or equivalent business registration.', 'opentrust')); ?>
+ ds_row_text('vat_number', __('VAT / Tax ID', 'opentrust'), (string) ($settings['vat_number'] ?? ''), __('VAT number, sales-tax ID, or equivalent international tax identifier.', 'opentrust')); ?>
+
+
+
+
+
+
+
+
+ >
+
+ ) inside a card or block */
+.opentrust-admin .opentrust-disclosure {
+ border: 1px solid var(--ettic-border);
+ border-radius: var(--r-md);
+ background: #fff;
+}
+
+.opentrust-admin .opentrust-card > .opentrust-disclosure {
+ border: 0;
+ border-radius: 0;
+ background: transparent;
+}
+
+.opentrust-admin .opentrust-disclosure > summary {
+ cursor: pointer;
+ padding: 12px 14px;
+ font-weight: 600;
+ color: var(--tx-strong);
+ font-size: 13.5px;
+ list-style: none;
+ user-select: none;
+ transition: background 120ms ease;
+}
+
+.opentrust-admin .opentrust-disclosure > summary::-webkit-details-marker { display: none; }
+
+.opentrust-admin .opentrust-disclosure > summary::before {
+ content: "▸";
+ display: inline-block;
+ width: 14px;
+ color: var(--tx-muted);
+ transition: transform 140ms ease;
+}
+
+.opentrust-admin .opentrust-disclosure[open] > summary::before { transform: rotate(90deg); }
+
+.opentrust-admin .opentrust-disclosure > summary:hover { background: var(--ettic-surface-2); }
+
+.opentrust-admin .opentrust-disclosure__body {
+ padding: 4px 14px 14px;
+ color: var(--tx-body);
+}
+
+.opentrust-admin .opentrust-disclosure__body > p {
+ margin: 0 0 10px;
+ line-height: 1.55;
+}
+
+.opentrust-admin .opentrust-disclosure__body > p:last-child { margin-bottom: 0; }
+
+/* AI provider card */
+.opentrust-admin .opentrust-ai-card { padding: 16px 18px; }
+
+.opentrust-admin .opentrust-ai-card--primary {
+ margin-top: 14px;
+ border-color: var(--ettic-blue);
+ box-shadow: 0 1px 2px rgba(15,92,250,0.06);
+}
+
+.opentrust-admin .opentrust-ai-card__header {
+ display: flex;
+ align-items: center;
+ justify-content: space-between;
+ gap: 10px;
+ margin-bottom: 6px;
+}
+
+.opentrust-admin .opentrust-ai-card__title {
+ margin: 0;
+ font-size: 15px;
+ font-weight: 600;
+ color: var(--tx-strong);
+}
+
+.opentrust-admin .opentrust-ai-card__badge {
+ display: inline-flex;
+ align-items: center;
+ height: 22px;
+ padding: 0 10px;
+ font-size: 11px;
+ font-weight: 600;
+ letter-spacing: 0.02em;
+ color: var(--ettic-blue);
+ background: var(--ettic-blue-soft);
+ border-radius: 11px;
+ line-height: 1;
+}
+
+.opentrust-admin .opentrust-ai-card__description {
+ margin: 4px 0 10px;
+ color: var(--tx-body);
+ line-height: 1.55;
+}
+
+.opentrust-admin .opentrust-ai-card__keylink {
+ margin: 0 0 14px;
+ font-size: 13px;
+}
+
+.opentrust-admin .opentrust-ai-card__saved {
+ display: inline-flex;
+ align-items: center;
+ gap: 7px;
+ padding: 6px 12px;
+ margin: 0 0 10px;
+ background: #ECF9F1;
+ border: 1px solid #B6E5C9;
+ color: #1B5E36;
+ border-radius: var(--r-sm);
+ font-size: 13px;
+}
+
+.opentrust-admin .opentrust-ai-card__check {
+ display: inline-flex;
+ align-items: center;
+ justify-content: center;
+ width: 14px;
+ height: 14px;
+ border-radius: 50%;
+ background: #1B8E45;
+ color: #fff;
+}
+
+.opentrust-admin .opentrust-ai-card__check svg { width: 9px; height: 9px; }
+
+.opentrust-admin .opentrust-ai-card__saved code {
+ background: transparent;
+ color: inherit;
+ font-size: 12.5px;
+}
+
+.opentrust-admin .opentrust-ai-card__form {
+ display: flex;
+ flex-wrap: wrap;
+ align-items: center;
+ gap: 8px;
+}
+
+.opentrust-admin .opentrust-ai-card__form .opentrust-input { flex: 1 1 260px; min-width: 0; }
+
+/* Advanced provider grid */
+.opentrust-admin .opentrust-ai-advanced__grid {
+ display: grid;
+ grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
+ gap: 14px;
+ margin-top: 8px;
+}
+
+.opentrust-admin .opentrust-ai-card--advanced { padding: 14px 16px; }
+.opentrust-admin .opentrust-ai-card--advanced .opentrust-ai-card__title { font-size: 14px; }
+
+/* Model select + refresh button */
+.opentrust-admin .opentrust-ai-model-row {
+ display: flex;
+ flex-wrap: wrap;
+ align-items: center;
+ gap: 8px;
+}
+
+.opentrust-admin .opentrust-ai-model-row .opentrust-select { min-width: 320px; }
+
+/* Generic row helpers */
+.opentrust-admin .opentrust-row__unit {
+ font-size: 13px;
+ color: var(--tx-muted);
+ margin-left: 8px;
+}
+
+/* Field message — success variant (template ships error only) */
+.opentrust-admin .opentrust-field-msg--success { color: #1B5E36; }
+
+/* Notice — list + action-row variants used by AI tab banners */
+.opentrust-admin .opentrust-notice__list {
+ margin: 6px 0 0 18px;
+ padding: 0;
+ list-style: disc;
+}
+
+.opentrust-admin .opentrust-notice__list li {
+ margin: 2px 0;
+}
+
+.opentrust-admin .opentrust-notice__actions {
+ display: flex;
+ flex-wrap: wrap;
+ gap: 8px;
+ margin-top: 10px;
+}
+
+/* Default inside notice body styled like a title */
+.opentrust-admin .opentrust-notice__body > strong {
+ display: block;
+ font-weight: 600;
+ margin: 0 0 2px;
+ font-size: 13.5px;
+}
diff --git a/assets/js/opentrust-admin.js b/assets/js/opentrust-admin.js
index 4c80055..7ed96e7 100644
--- a/assets/js/opentrust-admin.js
+++ b/assets/js/opentrust-admin.js
@@ -140,7 +140,14 @@
labelEl = document.querySelector( '[data-dirty-label]' );
saveBtn = document.querySelector( '[data-save]' );
discardBtn = document.querySelector( '[data-discard]' );
- form = document.querySelector( '.opentrust-admin form' );
+ // Prefer the form the topbar Save is wired to (HTML5 `form="..."` attr,
+ // which points at the active tab's Settings API form on multi-form
+ // screens like AI Chat). Fall back to the first form inside the wrap.
+ var saveTargetId = saveBtn ? saveBtn.getAttribute( 'form' ) : null;
+ form = saveTargetId ? document.getElementById( saveTargetId ) : null;
+ if ( ! form ) {
+ form = document.querySelector( '.opentrust-admin form' );
+ }
if ( ! dirtyEl || ! saveBtn || ! form ) {
return;
}
diff --git a/includes/class-opentrust-admin-ai.php b/includes/class-opentrust-admin-ai.php
index c7add98..0439695 100644
--- a/includes/class-opentrust-admin-ai.php
+++ b/includes/class-opentrust-admin-ai.php
@@ -50,69 +50,70 @@ public function render_ai_tab(array $settings): void {
$has_active_key = $active_provider !== '' && isset($stored_keys[$active_provider]);
$is_non_anthropic_active = $has_active_key && $active_provider !== 'anthropic';
- // Surface any transient notice from the admin-post handlers.
+ // Transient notice from the admin-post handlers.
$notice = get_transient('opentrust_ai_notice_' . get_current_user_id());
if (is_array($notice)) {
delete_transient('opentrust_ai_notice_' . get_current_user_id());
- $class = $notice['type'] === 'error' ? 'notice-error' : 'notice-success';
- printf(
- '',
- esc_attr($class),
- esc_html((string) $notice['message'])
- );
+ $variant = $notice['type'] === 'error' ? 'error' : 'success';
+ $this->ds_notice($variant, (string) ($notice['message'] ?? ''));
}
$this->render_summary_backfill_banner($settings, $has_active_key);
- ?>
-
-
%s
-
-
-
-
- - ' . esc_html(ucfirst($active_provider)) . '' // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped - ); - ?> -
-- Anthropic Claude with the native Citations API
to answer visitor questions about your trust center. Every claim the assistant makes is tied to an exact quote from one of your published documents — so no policy text is invented and nothing is paraphrased into something you did not actually publish.', 'opentrust'), - ['strong' => []] + if ($is_non_anthropic_active): + $intro = sprintf( + /* translators: %s: provider label, e.g. OpenAI */ + __('You are currently using %s. Only Anthropic uses a structural Citations API — every other provider relies on prompted citation tags the model can ignore or fabricate. For a published trust center, switch to Anthropic below.', 'opentrust'), + ucfirst($active_provider) ); ?> - +
+
+
-
+
+
+
+
-
-
+
+
+
+
render_ai_provider_picker($settings, $stored_keys); ?>
@@ -122,6 +123,24 @@ public function render_ai_tab(array $settings): void {
+
-
-
-
+
+
+
+
+
+
+ ', esc_attr($class), esc_html((string) $notice['message']));
- }
+ $logging_on = !empty($settings['ai_logging_enabled']);
?>
-
compliance surface. If the assistant invents a security commitment you never made, that is not a UX papercut — it is a misrepresentation of your security posture, and your customers and auditors will hold you to it.', 'opentrust'), + __('OpenTrust uses Anthropic Claude with the native Citations API to answer visitor questions about your trust center. Every claim the assistant makes is tied to an exact quote from one of your published documents — no policy text is invented, nothing is paraphrased into something you did not publish.', 'opentrust'), ['strong' => []] ); ?>
-- only major provider that exposes a structural Citations API. Documents are sent as typed blocks and the model emits citations as first-class events containing the exact source document and the exact quoted text. The model literally cannot return a citation for text that is not in your source documents.', 'opentrust'), - ['strong' => []] - ); - ?> -
-- -
+
+
-
+
+
+
+
+ + compliance surface. If the assistant invents a security commitment you never made, that is not a UX papercut — it is a misrepresentation of your security posture, and your customers and auditors will hold you to it.', 'opentrust'), + ['strong' => []] + ); + ?> +
++ only major provider that exposes a structural Citations API. Documents are sent as typed blocks and the model emits citations as first-class events containing the exact source document and the exact quoted text. The model literally cannot return a citation for text that is not in your source documents.', 'opentrust'), + ['strong' => []] + ); + ?> +
++ +
+
+
+
@@ -140,32 +159,27 @@ private function render_summary_backfill_banner(array $settings, bool $has_activ
if ($missing < 1) {
return;
}
+ $heading = sprintf(
+ /* translators: %d is the number of policies missing AI summaries. */
+ _n(
+ '%d policy is missing an AI summary.',
+ '%d policies are missing AI summaries.',
+ $missing,
+ 'opentrust'
+ ),
+ (int) $missing
+ );
?>
-
+
+
+
+
+
+
-
+
+
+
+
+
+
-
-
- render_provider_card($primary, $stored_keys, $active_provider, 'primary'); ?>
-
-
-
+
+
+
+
+ render_provider_card($primary, $stored_keys, $active_provider, 'primary'); ?>
+
+
+
+
+
+
+ - - - - -
- +
+
' . esc_html__('Choose a provider and add your key', 'opentrust') . '';
- echo '
+
+
+
+
';
- foreach ($providers as $provider) {
- $this->render_provider_card($provider, $stored_keys, $active_provider, 'advanced');
- }
- echo '
';
+ ?>
+
+
+ render_provider_card($provider, $stored_keys, $active_provider, 'advanced'); ?>
+
+
+ >
-
-
+ - -
-
-
-
- - -
-- - -
-
-
- render_provider_card($provider, $stored_keys, $active_provider, 'advanced'); ?>
-
-
- >
+
+
+ +
+
+
+
+
+
+
+
+ + + +
+
+
+ render_provider_card($provider, $stored_keys, $active_provider, 'advanced'); ?>
+
+
+
-
+
+ ds_row_number('ai_daily_token_budget', __('Daily token budget', 'opentrust'), (int) ($settings['ai_daily_token_budget'] ?? OpenTrust_Chat_Budget::DEFAULT_DAILY_TOKEN_BUDGET), 0, 100000000, 10000, __('tokens', 'opentrust'), __('Hard cap per site per day. Default 500,000 (~$12/day at Sonnet 4.5 rates).', 'opentrust')); ?>
+
+ ds_row_number('ai_monthly_token_budget', __('Monthly token budget', 'opentrust'), (int) ($settings['ai_monthly_token_budget'] ?? OpenTrust_Chat_Budget::DEFAULT_MONTHLY_TOKEN_BUDGET), 0, 1000000000, 100000, __('tokens', 'opentrust'), __('Hard cap per site per month. Default 10,000,000.', 'opentrust')); ?>
+
+ ds_row_number('ai_rate_limit_per_ip', __('Rate limit — per IP', 'opentrust'), (int) ($settings['ai_rate_limit_per_ip'] ?? 10), 0, 1000, 1, __('messages per minute', 'opentrust')); ?>
+
+ ds_row_number('ai_rate_limit_per_session', __('Rate limit — per session', 'opentrust'), (int) ($settings['ai_rate_limit_per_session'] ?? 50), 0, 10000, 1, __('messages per hour', 'opentrust')); ?>
+
+ ds_row_number('ai_max_message_length', __('Max message length', 'opentrust'), (int) ($settings['ai_max_message_length'] ?? OpenTrust_Chat::DEFAULT_MAX_MESSAGE_LENGTH), 100, 4000, 100, __('characters', 'opentrust')); ?>
+
+
-
+
+
+
-
+
- +
-
+
-
- ✓
+
+
+
+
-
-
@@ -305,205 +332,202 @@ private function render_provider_card(array $provider, array $stored_keys, strin
}
private function render_ai_settings_form(array $settings): void {
- $active_provider = $settings['ai_provider'];
+ $active_provider = (string) $settings['ai_provider'];
$models = $this->get_cached_model_list($active_provider);
- $current_model = $settings['ai_model'] ?? '';
+ $current_model = (string) ($settings['ai_model'] ?? '');
$refresh_url = wp_nonce_url(
admin_url('admin-post.php?action=opentrust_ai_refresh_models&provider=' . rawurlencode($active_provider)),
'opentrust_ai_refresh_models'
);
+ $cached_at = (int) ($settings['ai_model_list_cached_at'] ?? 0);
+ $oversized = class_exists('OpenTrust_Chat_Corpus') ? OpenTrust_Chat_Corpus::oversized_policies() : [];
+ $secret_saved = !empty($settings['turnstile_secret_key']);
?>
-
-
-
+
+
+ ds_row_toggle('ai_show_model_attribution', __('Visitor display', 'opentrust'), !empty($settings['ai_show_model_attribution']), __('Show the active model name under the chat input.', 'opentrust')); ?>
+
+ ds_row_toggle('ai_logging_enabled', __('Analytics logging', 'opentrust'), !empty($settings['ai_logging_enabled']), __('Log anonymised visitor questions for admin review (90-day auto-purge, no PII).', 'opentrust')); ?>
+
+ ds_row_toggle('ai_auto_summarize', __('Improve answer quality', 'opentrust'), !empty($settings['ai_auto_summarize']), __('Auto-generate a 2–3 sentence AI summary of each policy for routing. Cost ~$0.05–$0.10 per 50 policies lifetime; pennies per edit afterward. Uses your configured AI key.', 'opentrust')); ?>
+
+
+
+
+
+
+
+
+
+
-
-
+
+
+
+ -
+
+
+
+
- -
-| - | - - | -
|---|---|
| - | - - - | -
| - | - - - - ✓ - - - | -
+ ds_row_toggle('ai_turnstile_enabled', __('Enable Turnstile for chat', 'opentrust'), !empty($settings['ai_turnstile_enabled']), __('Require Turnstile verification on first chat message.', 'opentrust')); ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ['label' => __('General', 'opentrust'), 'url' => $base_url],
'contact' => ['label' => __('Contact', 'opentrust'), 'url' => add_query_arg('tab', 'contact', $base_url)],
From 006cb2ba70a67e7ca5a66e35e256f00581de401b Mon Sep 17 00:00:00 2001
From: Nol de Roos <108540791+nolderoos@users.noreply.github.com>
Date: Mon, 11 May 2026 13:52:38 +0200
Subject: [PATCH 06/11] migrate Questions log screen to design system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenTrust_Admin_Questions::render_page() now wraps in .opentrust-admin
with the dark topbar (brand mark + version + back-to-AI-settings link +
View Trust Center link), no Save (read-only screen), the topbar__head
title block, an .opentrust-stack of section blocks, and the shared
\OpenTrust\Admin\Footer at the bottom.
Each surface on the page is rebuilt with design-system markup:
- Logging on/off banner → .opentrust-notice--success or --warn with an
inline toggle action in .opentrust-notice__actions.
- Filter form → .opentrust-block + .opentrust-card with a new
.opentrust-filterbar layout (label-above-input columns + grouped
actions on the right). Inputs and select use design system classes.
- Log table → .opentrust-card--flush (new variant — drops card padding
so the table can span edges) containing a token-styled
.opentrust-log-table. Refused rows highlight in warn tones; meta
columns use mono, tabular-nums, and muted text.
- Pagination → paginate_links() output restyled inside
.opentrust-log-table__pagination (rounded chip per page, blue
active, gray dots).
- Danger zone → .opentrust-action-row inside a card with a
.opentrust-btn--danger Clear button (kept the same confirm() flow).
CSS additions (Questions-only extensions block in opentrust-admin.css):
.opentrust-card--flush, .opentrust-filterbar*, .opentrust-log-table*,
plus the pagination styling that overrides paginate_links()'s defaults.
Logic is unchanged — same filter handling, same query, same export /
clear / toggle-logging admin-post handlers.
PHPStan level 5 clean.
---
assets/css/opentrust-admin.css | 125 +++++++
includes/class-opentrust-admin-questions.php | 326 +++++++++++--------
2 files changed, 323 insertions(+), 128 deletions(-)
diff --git a/assets/css/opentrust-admin.css b/assets/css/opentrust-admin.css
index 84f0f65..e0298d9 100644
--- a/assets/css/opentrust-admin.css
+++ b/assets/css/opentrust-admin.css
@@ -1647,3 +1647,128 @@ body > .opentrust-modal-backdrop.is-leaving { animation: opentrust-backdrop-out
margin: 0 0 2px;
font-size: 13.5px;
}
+
+/* ----------------------------------------------------------------------- *
+ * OpenTrust-only extensions: Questions log screen. *
+ * *
+ * Filter toolbar (label-above-input columns + an actions group), a *
+ * lightweight log table styled with design tokens, and a flush card *
+ * variant that lets the table span the card edge-to-edge. *
+ * ----------------------------------------------------------------------- */
+
+/* Flush card: drops the padding so a table or media block can span edges */
+.opentrust-admin .opentrust-card--flush { padding: 0; overflow: hidden; }
+
+/* Filter toolbar */
+.opentrust-admin .opentrust-filterbar {
+ display: flex;
+ flex-wrap: wrap;
+ gap: 10px 14px;
+ align-items: flex-end;
+}
+
+.opentrust-admin .opentrust-filterbar__field { display: flex; flex-direction: column; gap: 4px; min-width: 0; }
+.opentrust-admin .opentrust-filterbar__field label {
+ font-size: 11px;
+ font-weight: 600;
+ color: var(--tx-muted);
+ letter-spacing: 0.04em;
+ text-transform: uppercase;
+}
+
+.opentrust-admin .opentrust-filterbar__field input,
+.opentrust-admin .opentrust-filterbar__field .opentrust-select { min-width: 0; }
+
+.opentrust-admin .opentrust-filterbar__actions {
+ display: inline-flex;
+ flex-wrap: wrap;
+ gap: 8px;
+ margin-left: auto;
+}
+
+.opentrust-admin .opentrust-filterbar__export { margin-left: auto; }
+
+/* Log table */
+.opentrust-admin .opentrust-log-table {
+ width: 100%;
+ border-collapse: separate;
+ border-spacing: 0;
+ font-size: 13px;
+ color: var(--tx-body);
+}
+
+.opentrust-admin .opentrust-log-table thead th {
+ padding: 9px 14px;
+ font-size: 11px;
+ font-weight: 600;
+ color: var(--tx-muted);
+ letter-spacing: 0.04em;
+ text-transform: uppercase;
+ text-align: left;
+ background: var(--ettic-surface-2);
+ border-bottom: 1px solid var(--ettic-border);
+ white-space: nowrap;
+}
+
+.opentrust-admin .opentrust-log-table tbody td {
+ padding: 10px 14px;
+ border-bottom: 1px solid var(--ettic-border);
+ vertical-align: top;
+}
+
+.opentrust-admin .opentrust-log-table tbody tr:last-child td { border-bottom: 0; }
+.opentrust-admin .opentrust-log-table tbody tr:nth-child(even) { background: #FBFCFD; }
+.opentrust-admin .opentrust-log-table tbody tr.is-refused { background: #FFF7EC; }
+.opentrust-admin .opentrust-log-table tbody tr.is-refused:nth-child(even) { background: #FFF1DA; }
+
+.opentrust-admin .opentrust-log-table__empty td { text-align: center; color: var(--tx-muted); padding: 24px 14px; }
+
+.opentrust-admin .opentrust-log-table__date { white-space: nowrap; color: var(--tx-muted); font-size: 12.5px; }
+.opentrust-admin .opentrust-log-table__num { text-align: right; width: 64px; font-variant-numeric: tabular-nums; }
+.opentrust-admin .opentrust-log-table__meta { font-size: 12px; color: var(--tx-muted); font-variant-numeric: tabular-nums; white-space: nowrap; }
+.opentrust-admin .opentrust-log-table__model { font-family: var(--ff-mono); font-size: 11.5px; background: transparent; color: var(--tx-muted); padding: 0; }
+
+.opentrust-admin .opentrust-log-table__refused {
+ display: inline-block;
+ padding: 1px 7px;
+ margin-right: 6px;
+ font-size: 10px;
+ font-weight: 700;
+ letter-spacing: 0.04em;
+ text-transform: uppercase;
+ background: var(--warn-bg);
+ color: var(--warn);
+ border-radius: 9px;
+}
+
+/* Pagination — restyle paginate_links() output to fit the design system */
+.opentrust-admin .opentrust-log-table__pagination {
+ display: flex;
+ justify-content: center;
+ gap: 4px;
+ padding: 12px 14px;
+ background: var(--ettic-surface-2);
+ border-top: 1px solid var(--ettic-border);
+ font-size: 13px;
+}
+
+.opentrust-admin .opentrust-log-table__pagination .page-numbers {
+ display: inline-flex;
+ align-items: center;
+ min-width: 28px;
+ height: 28px;
+ padding: 0 9px;
+ border-radius: var(--r-sm);
+ border: 1px solid var(--ettic-border);
+ background: #fff;
+ color: var(--tx-strong);
+ text-decoration: none;
+}
+
+.opentrust-admin .opentrust-log-table__pagination .page-numbers:hover { border-color: var(--ettic-border-hi); color: var(--ettic-blue); }
+.opentrust-admin .opentrust-log-table__pagination .page-numbers.current {
+ background: var(--ettic-blue);
+ border-color: var(--ettic-blue);
+ color: #fff;
+}
+.opentrust-admin .opentrust-log-table__pagination .page-numbers.dots { border: 0; background: transparent; color: var(--tx-quiet); }
diff --git a/includes/class-opentrust-admin-questions.php b/includes/class-opentrust-admin-questions.php
index a8bd6a5..d7feb65 100644
--- a/includes/class-opentrust-admin-questions.php
+++ b/includes/class-opentrust-admin-questions.php
@@ -55,12 +55,14 @@ public function render_page(): void {
];
// phpcs:enable WordPress.Security.NonceVerification.Recommended
- $result = OpenTrust_Chat_Log::query($filters);
- $total = $result['total'];
- $rows = $result['rows'];
- $pages = max(1, (int) ceil($total / $filters['per_page']));
- $models = OpenTrust_Chat_Log::distinct_models();
- $counts = OpenTrust_Chat_Log::total_count();
+ $result = OpenTrust_Chat_Log::query($filters);
+ $total = $result['total'];
+ $rows = $result['rows'];
+ $pages = max(1, (int) ceil($total / $filters['per_page']));
+ $models = OpenTrust_Chat_Log::distinct_models();
+ $counts = OpenTrust_Chat_Log::total_count();
+ $tc_url = home_url('/' . ($settings['endpoint_slug'] ?? OpenTrust::DEFAULT_ENDPOINT_SLUG) . '/');
+ $back_url = admin_url('admin.php?page=opentrust&tab=ai');
$export_url = wp_nonce_url(
admin_url('admin-post.php?action=opentrust_ai_questions_export&' . http_build_query(array_filter($filters + ['paged' => 0]))),
@@ -75,137 +77,205 @@ public function render_page(): void {
'opentrust_ai_toggle_logging'
);
- $notice = get_transient('opentrust_ai_notice_' . get_current_user_id());
- if (is_array($notice)) {
- delete_transient('opentrust_ai_notice_' . get_current_user_id());
- $class = $notice['type'] === 'error' ? 'notice-error' : 'notice-success';
- printf('
+
+
+
+
+
+
+
+
+
+ %s
-
-
-
- -
- -