What is Zypor?
Zypor is an open-source framework and content platform built on zero-trust principles.
Every plugin runs in a sandboxed environment with clear permissions and auditing, bringing freedom without chaos to extensibility.
Where open source meets accountability.
Highlights
- 🔒 Sandboxed plugins — extensions run out-of-process with strict gates (storage, DB, HTTP).
- 🧩 Capability-based API — explicit manifests, least-privilege tokens, and full audit logs.
- 🛠️ Developer-friendly — clean SDKs for storage, data, and HTTP; fast local sandbox runner.
- 🛡️ Supply-chain aware — signature checks, integrity monitoring, and revocation.
- 🌍 Born multilingual — designed to support every EU language from day one.
- 🏛️ European origin — aligned with digital sovereignty and privacy by default.
From chaos to compliance.
Permissions, Roles, and Policies
Identity model
- Users & Groups — people belong to groups; actions are evaluated per user and group context.
- Roles — reusable capability bundles (e.g., Editor, Auditor, Plugin).
- Actors — users, services, and plugins act with scoped tokens.
Policy model
- Allow/deny rules — explicit, testable policies with defaults locked down.
- Row-/tenant-level filters — data access is automatically scoped to the right boundary.
- Audit & attest — every sensitive action is logged for compliance review.
The rule of law for data protection.
Roadmap (early milestones)
- Core sandbox runner & capability tokens
- Storage/DB/HTTP gates with auditing
- Admin UI & schema system
- Internationalization packs (EU languages)
- Extension review & signature flow
- First public preview
Origin
Built in Europe for a safer internet. Zypor aims to provide a trustworthy, open alternative for organizations that need extensibility without exposure.