---
name: trust-center
description: Generate a public-facing security trust page from scan data. Produces a single deployable index.html that shows compliance framework scores, security policies, infrastructure overview, and data protection posture. Deployable to S3, Vercel, Netlify, or GitHub Pages.
user-invocable: true
---

# Trust Center

Generate a deployable security trust page for your company.

## What to do

Read `shasta.config.json` for `python_cmd` and `company_name`. Use that Python command for every command below (shown as `<PYTHON_CMD>`).

### Step 1: Check for scan data

```bash
<PYTHON_CMD> -c "
from shasta.db.schema import ShastaDB
db = ShastaDB(); db.initialize()
scan = db.get_latest_scan()
if scan:
    print(f'SCAN_FOUND|{scan.completed_at}|{scan.summary.total_findings if scan.summary else 0} findings')
else:
    print('NO_SCAN')
"
```

If NO_SCAN, tell the user: "No scan data found. The trust center will generate with placeholder content. Run `/scan` first for real compliance scores."

### Step 2: Ask about customization

Ask the user:
> "Generate the trust center with defaults, or customize? I can set:
> - Company name and tagline
> - Contact email and DPO email
> - Which frameworks to show (SOC 2, ISO 27001, HIPAA)
> - Subprocessors list
> - Theme colors
>
> Default generates a clean page with SOC 2 + ISO 27001 badges, all 8 policies, and your scan scores."

If they say "defaults" or similar, proceed with step 3 using just the company name from `shasta.config.json`.

If they want customization, build the config object from their answers.

### Step 3: Generate

For defaults:
```bash
<PYTHON_CMD> -c "
from shasta.trustcenter.generator import generate_trust_center
path = generate_trust_center()
print(f'Trust center generated at: {path}')
"
```

For custom config:
```bash
<PYTHON_CMD> -c "
from shasta.trustcenter.config import TrustCenterConfig
from shasta.trustcenter.generator import generate_trust_center

config = TrustCenterConfig(
    company_name='<COMPANY_NAME>',
    company_tagline='<TAGLINE>',
    contact_email='<EMAIL>',
    show_hipaa=<True|False>,
    subprocessors=[
        {'name': 'AWS', 'purpose': 'Cloud infrastructure', 'location': 'US'},
    ],
)
path = generate_trust_center(config)
print(f'Trust center generated at: {path}')
"
```

### Step 4: Show the result

Tell the user:
1. The file path (e.g. `data/trust-center/index.html`)
2. How to preview: `start data/trust-center/index.html` (Windows) or `open data/trust-center/index.html` (Mac)
3. How to deploy:

> **Deploy options:**
> - **S3:** `aws s3 cp data/trust-center/index.html s3://your-trust-bucket/index.html --content-type text/html`
> - **GitHub Pages:** Copy to your `docs/` folder or `gh-pages` branch
> - **Vercel/Netlify:** Set build output directory to `data/trust-center/`
> - **Custom domain:** Point trust.yourcompany.com at the hosting bucket/project

The page is a single self-contained HTML file — no build step, no local dependencies, no asset files to manage. Its only external resources are Tailwind and Chart.js, loaded from their CDNs at view time.

## Important notes

- The trust center shows **aggregate posture only** — no resource ARNs, no finding details, no remediation guidance. Account IDs are truncated to last 4 digits. It's safe to publish publicly.
- All numbers on the page come from the latest scan. Re-run `/scan` then `/trust-center` to update.
- The page is generated by Jinja2 templates — no LLM calls in the generation pipeline.
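A pre-publish gate for the first note above, added here as an example and not part of the shasta project: it scans the generated HTML for any AWS ARN or full 12-digit account ID before the file is deployed. The sample HTML strings are constructed; `data/trust-center/index.html` is the output path named in Step 4.

```python
import re
from pathlib import Path

# Any AWS ARN ("arn:aws:service:region:account:resource"); the trust page must contain none.
ARN_RE = re.compile(r"\barn:aws[a-z-]*:[^\s\"'<>]+")
# A bare 12-digit number is treated as a full AWS account ID. The page should only
# ever show the last 4 digits, so a hit is a leak (or a rare false positive, which
# is the right way for a pre-publish gate to fail).
ACCOUNT_ID_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")


def find_leaks(html: str) -> list[str]:
    """Return every ARN and full account ID found in the rendered HTML."""
    leaks = ARN_RE.findall(html)
    # Strip the ARNs first so the account ID embedded in one is not reported twice.
    remainder = ARN_RE.sub("", html)
    leaks.extend(ACCOUNT_ID_RE.findall(remainder))
    return leaks


def is_safe_to_publish(path: Path) -> bool:
    """True when the generated page contains no resource-level identifiers."""
    return not find_leaks(path.read_text(encoding="utf-8"))


# Constructed sample: what the generated page should look like (masked IDs only).
SAFE_HTML = "<p>Accounts scanned: 2 (...1234, ...5678)</p><p>SOC 2 coverage: 87%</p>"
# Constructed sample of output that must never be published.
LEAKY_HTML = (
    "<li>arn:aws:iam::123456789012:role/Admin has no MFA</li>"
    "<li>Account 210987654321: 3 public buckets</li>"
)

if __name__ == "__main__":
    # Gate the deploy step on the real file the generator writes.
    target = Path("data/trust-center/index.html")
    if target.exists():
        print("safe to publish" if is_safe_to_publish(target) else "LEAK: do not publish")
    for leak in find_leaks(LEAKY_HTML):
        print("would block:", leak)
```

Run it before the `aws s3 cp` or Pages/Vercel deploy step; a non-empty result means the generator template, not the deploy, needs fixing.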
