Add MrTrust GUI and Gitea release build

AGENTS.md

@@ -1,60 +1,35 @@
-# Agent Instructions For This Repository
+# Agent Instructions For MrTrust
 
-This file is for Codex agents working on the Codex Agent Repository Kit itself. The public `README.md` is for humans and should stay focused on setup and usage.
+MrTrust manages explicit Windows certificate trust for MrSphay software.
 
-## Start Of Task
+## Security Boundaries
 
-- Check `git status --short`.
-- If the working tree is clean, run `git pull --ff-only` before editing.
-- If local changes exist, preserve them and do not overwrite user work.
-- Conserve context tokens: use `rg`, targeted file reads, and short summaries instead of loading unrelated files or long logs.
+- Do not add Defender, SmartScreen, UAC, firewall, or policy bypasses.
+- Do not add silent certificate installation.
+- Do not commit `.pfx`, private keys, passwords, tokens, or signing secrets.
+- Default to `CurrentUser` certificate stores. Use `LocalMachine` only when the user explicitly chooses all-user trust.
+- Keep all user-facing trust actions reversible.
 
-## Repository Purpose
+## Repository Layout
 
-This repository ships reusable baseline files for other repositories:
-
-- `files/` contains templates copied into target repositories.
-- `agent-quickstart.md`, `new-repository.md`, and `existing-project.md` are agent workflows.
-- `manifest.json` is the source of truth for copy targets and placeholders.
-- `profiles/` contains stack-specific guidance.
-
-## Editing Rules
-
-- Keep repository owner, repository name, project names, and local paths dynamic. This kit intentionally targets `https://git.wilkensxl.de` and SSH port `2222`, so keep that host/port consistent in user-facing setup and Gitea workflow defaults.
-- If a new placeholder is introduced, update `manifest.json`, the README placeholder list, and placeholder scans in workflow templates.
-- Keep `README.md` user-facing. Put agent operating rules in this file or the workflow docs.
-- Keep `files/AGENTS.md` generic; it is copied into target repositories and must not describe this repository specifically.
-- Do not include secrets, tokens, private data, or sensitive logs in docs, issues, commits, or release notes.
-
-## Follow-up Work
-
-- Create focused tracker issues for real follow-up work that is outside the current scope or can be done independently.
-- Do not create issues for work that can be safely completed in the current task.
-- If issue creation is unavailable, update `docs/agent-handoff.md` with the blocker and next steps.
+- `scripts/` contains the PowerShell implementation.
+- `assets/certificates/` contains public certificates only.
+- `private/` is ignored and may contain local signing material.
+- `docs/integration-prompt.md` is the prompt for adding MrTrust to other projects.
+- `docs/security-model.md` documents the intended behavior and limits.
+- `MrTrust.ps1 gui` is the user-facing GUI entry point.
 
 ## Verification
 
-Before committing:
+Before finishing changes, run:
 
 ```powershell
-Get-Content manifest.json | ConvertFrom-Json | Out-Null
-Get-Content manifest.schema.json | ConvertFrom-Json | Out-Null
-Get-Content files\blueprint.json | ConvertFrom-Json | Out-Null
+$scripts = Get-ChildItem .\scripts -Filter *.ps1
+foreach ($script in $scripts) {
+  $tokens = $null
+  $errors = $null
+  [System.Management.Automation.Language.Parser]::ParseFile($script.FullName, [ref]$tokens, [ref]$errors) | Out-Null
+  if ($errors) { throw $errors }
+}
 git diff --check
 ```
-
-Also verify:
-
-- every `manifest.json` copyMap source exists,
-- every profile path exists,
-- reusable files contain no private instance defaults such as a specific username or private host,
-- `README.md` documents every placeholder listed in `manifest.json`.
-
-## Release
-
-- Bump `manifest.json` version.
-- Update `CHANGELOG.md`.
-- Commit changes.
-- Create an annotated tag such as `v1.0.2`.
-- Push `main` and tags.
-- Create or update the Gitea release when a valid API token is available.