Author here. This is a good callout, there are a few reasons why it's a plugin and not open source (yet).
First is that I didn't want to make a plugin in the first place, I wanted to make a bookmarklet, but HN's CSP policy was too strict. So that was a bummer.
Second is that I have very mixed feelings about open source these days, and so open-sourcing feels less and less like the sensible default state. One of the sibling comments here discovered the alltrust.json and vibecoded around it, which is really a case in point about why open sourcing feels like I'd be leaving myself "open" to be domineered (not just by users, but by bots and companies as well).
Third is that the system/plugin is partly LLM-assisted itself (even though the code is minuscule), and I'm self-conscious of being a slop-slinger. Or at least, pushing up repos with LLM code just feels, idk... lazy and asymmetrical (despite this plugin having clear utility, which I think it does).
But it's completely fair to say "oh look, a plugin about trust that's closed source, how hypocritical." I get that. If there's enough interest I'll open source it, sure.