Description
What problem does this address?
WordPress extracts image metadata at upload — EXIF, IPTC, and a subset of XMP — through wp_read_image_metadata(). It does not detect C2PA Content Credentials.
C2PA manifests are now embedded in images from AI generators (DALL-E 3, Adobe Firefly, Google Gemini, Microsoft Copilot), camera hardware (Google Pixel, Samsung Galaxy S25, Leica, Sony, Nikon), and infrastructure providers (Cloudflare Images). These manifests carry machine-readable provenance: what tool created the image, whether AI was involved, and the image's modification history.
WordPress's image processing pipeline (both GD and Imagick) destroys C2PA manifests during subsize generation. The original uploaded file survives on disk, but the window to read the manifest is at upload — before processing begins.
No WordPress plugin or core feature detects C2PA manifests today.
What is your proposed solution?
A read-only experiment that extends WordPress's image metadata awareness to include C2PA. The experiment registers through Abstract_Feature, toggleable through the existing AI plugin settings like any other experiment.
At upload, it hooks into the attachment pipeline, reads the original file via wp_get_original_image_path(), and captures a structured record in postmeta (_wpai_monitor_record). The record includes:
- Traditional metadata (curated EXIF/IPTC/XMP fields WordPress already partially extracts but never surfaces)
- C2PA presence detection (scanning JPEG APP11 markers, PNG caBX chunks, WebP RIFF C2PA chunks)
- C2PA claim summary (claim generator, digital source type, action history — decoded from the JUMBF manifest store)
The C2PA parsing requires JUMBF box reading and CBOR decoding utilities that don't currently exist in the plugin. These would be introduced as shared infrastructure, available to any experiment that works with C2PA data. See reference implementations in #294.
Design constraints:
- Read-only — does not modify images, manifests, or core attachment fields
- Fail-open — any error during capture is caught at the experiment boundary; the upload always succeeds
- No external dependencies — no outbound HTTP, no external services; pure PHP within the plugin's existing requirements
- No upload delay — capture targets < 500ms median on images under 15MB
Out of scope:
- Signing or re-signing images
- Cryptographic verification of manifests
- Preserving manifests through WordPress's image processing pipeline
- UI for displaying captured metadata
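
The presence-detection step described in the proposal (JPEG APP11 markers, PNG caBX chunks, WebP RIFF C2PA chunks) could look like the following. This is an added example, not code from the plugin or from the reference implementations in #294; the function name example_c2pa_carrier and its return strings are hypothetical.

```php
<?php
// Added example, hypothetical names. Presence only: no signature or hash validation.
function example_c2pa_carrier( string $path ): ?string {
	$fh = @fopen( $path, 'rb' );
	if ( false === $fh ) {
		return null;
	}
	$head = (string) fread( $fh, 12 );
	$fmt  = $found = null;
	if ( "\xFF\xD8" === substr( $head, 0, 2 ) ) {
		list( $fmt, $pos, $hdr ) = array( 'jpeg', 2, 4 );
	} elseif ( "\x89PNG\r\n\x1A\n" === substr( $head, 0, 8 ) ) {
		list( $fmt, $pos, $hdr ) = array( 'png', 8, 8 );
	} elseif ( 'RIFF' === substr( $head, 0, 4 ) && 'WEBP' === substr( $head, 8, 4 ) ) {
		list( $fmt, $pos, $hdr ) = array( 'webp', 12, 8 );
	}
	// Read headers only, seeking past payloads; the iteration cap and the
	// break on any short read or bad length keep a crafted file from stalling.
	for ( $i = 0; null !== $fmt && null === $found && $i < 10000; $i++ ) {
		$h = 0 === fseek( $fh, $pos ) ? (string) fread( $fh, $hdr ) : '';
		if ( strlen( $h ) < $hdr ) {
			break;
		}
		if ( 'jpeg' === $fmt ) {
			$f = unpack( 'nmarker/nlen', $h );
			// Stop at SOS (0xFFDA): entropy-coded data follows, not segments.
			if ( 0xFF !== ( $f['marker'] >> 8 ) || 0xFFDA === $f['marker'] || $f['len'] < 2 ) {
				break;
			}
			// APP11 JUMBF payload: CI "JP", En(2), Z(4), LBox(4), TBox "jumb".
			$p = ( 0xFFEB === $f['marker'] && $f['len'] >= 18 ) ? (string) fread( $fh, 16 ) : '';
			if ( 'JP' === substr( $p, 0, 2 ) && 'jumb' === substr( $p, 12, 4 ) ) {
				$found = 'jpeg:APP11';
			}
			$pos += 2 + $f['len'];
			continue;
		}
		// PNG: length (BE), type, data, CRC. RIFF: FourCC, size (LE), even-padded data.
		$png  = 'png' === $fmt;
		$type = substr( $h, $png ? 4 : 0, 4 );
		$len  = unpack( $png ? 'N' : 'V', substr( $h, $png ? 0 : 4, 4 ) )[1];
		if ( $png && 'IEND' === $type ) {
			break;
		}
		$found = ( $png ? 'caBX' : 'C2PA' ) === $type ? $fmt . ':' . $type : null;
		$pos  += $png ? 12 + $len : 8 + $len + ( $len & 1 );
	}
	fclose( $fh );
	return $found;
}
```

A JPEG hit means only that an APP11 segment carries a JUMBF superbox; confirming it is a C2PA manifest store (label c2pa) still needs the JUMBF box reader the proposal describes.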