What is Zypor?

Zypor is an open-source framework and content platform built on zero-trust principles.
Every plugin runs in a sandboxed environment with clear permissions and auditing, bringing freedom without chaos to extensibility.

Where open source meets accountability.

Highlights

  • 🔒 Sandboxed plugins — extensions run out-of-process with strict gates (storage, DB, HTTP).
  • 🧩 Capability-based API — explicit manifests, least-privilege tokens, and full audit logs.
  • 🛠️ Developer-friendly — clean SDKs for storage, data, and HTTP; fast local sandbox runner.
  • 🛡️ Supply-chain aware — signature checks, integrity monitoring, and revocation.
  • 🌍 Born multilingual — designed to support every EU language from day one.
  • 🏛️ European origin — aligned with digital sovereignty and privacy by default.

From chaos to compliance.

Permissions, Roles, and Policies

Identity model

  • Users & Groups — people belong to groups; actions are evaluated per user and group context.
  • Roles — reusable capability bundles (e.g., Editor, Auditor, Plugin).
  • Actors — users, services, and plugins act with scoped tokens.

Policy model

  • Allow/deny rules — explicit, testable policies with defaults locked down.
  • Row-/tenant-level filters — data access is automatically scoped to the right boundary.
  • Audit & attest — every sensitive action is logged for compliance review.

The rule of law for data protection.

Roadmap (early milestones)

  • Core sandbox runner & capability tokens
  • Storage/DB/HTTP gates with auditing
  • Admin UI & schema system
  • Internationalization packs (EU languages)
  • Extension review & signature flow
  • First public preview

Origin

Built in Europe for a safer internet. Zypor aims to provide a trustworthy, open alternative for organizations that need extensibility without exposure.