Add autonomous MrTrust target integration contract

mrtrust.integration.json

@@ -0,0 +1,59 @@
+{
+  "schemaVersion": 1,
+  "name": "MrTrust",
+  "purpose": "Add explicit MrSphay trust onboarding and signing support to Windows target projects.",
+  "sourceRepository": "https://git.wilkensxl.de/MrSphay/MrTrust",
+  "releasePage": "https://git.wilkensxl.de/MrSphay/MrTrust/releases",
+  "userFacingReleaseArtifact": {
+    "fileName": "MrTrust.exe",
+    "releaseZipNamePattern": "MrTrust-<version>.zip",
+    "recommendedBundledPath": "MrTrust\\MrTrust.exe",
+    "distribution": "Bundle this file directly or link to the MrTrust release ZIP.",
+    "launchCommand": ".\\MrTrust\\MrTrust.exe",
+    "removeTrustInstruction": "Open MrTrust and choose Remove trust."
+  },
+  "certificate": {
+    "publisher": "MrSphay",
+    "publicThumbprint": "A024A89200469F099EC4A172B4F96F6428AFD41B",
+    "defaultTrustScope": "CurrentUser",
+    "allUsersTrustScope": "LocalMachine",
+    "privateMaterialPolicy": "Never commit .pfx files, private keys, passwords, tokens, or signing secrets."
+  },
+  "signing": {
+    "supportedExtensions": [
+      ".exe",
+      ".msi",
+      ".dll",
+      ".ps1",
+      ".psm1",
+      ".psd1",
+      ".cat"
+    ],
+    "preferredCommand": ".\\MrTrust\\MrTrust.exe sign -Path <artifact-path> -CertificateThumbprint A024A89200469F099EC4A172B4F96F6428AFD41B",
+    "ciGuidance": "Run signing only on a trusted Windows release runner or secure local release machine where the private certificate is already installed or supplied through secrets.",
+    "unsignedBehavior": "Unsigned builds should remain unsigned. MrTrust only makes correctly signed MrSphay artifacts validate after the user has installed trust."
+  },
+  "targetProjectAgentContract": {
+    "modifyTargetProject": true,
+    "requiredOutcomes": [
+      "Expose a visible optional Open MrTrust or trust setup path.",
+      "Link to or bundle the standalone MrTrust.exe.",
+      "Sign Windows release artifacts when the target project produces supported artifact types.",
+      "Document how users install and remove MrTrust trust.",
+      "Verify no private signing material is present in the target repository or release artifacts."
+    ],
+    "forbiddenOutcomes": [
+      "Do not silently install certificates.",
+      "Do not bypass Defender, SmartScreen, UAC, firewall, or Windows security policy.",
+      "Do not claim MrTrust makes unsigned software trusted.",
+      "Do not commit private signing material."
+    ],
+    "fallbackWhenNoInstallerExists": [
+      "Add release documentation that links to or bundles MrTrust.exe.",
+      "Add a release signing step for supported Windows artifacts.",
+      "Add verification notes explaining that the app starts normally after the user installs MrTrust and the artifact signature validates."
+    ]
+  },
+  "agentRunbook": "docs/agent-target-integration.md",
+  "prompt": "docs/integration-prompt.md"
+}