Add MrTrust GUI and Gitea release build

docs/integration-prompt.md

@@ -0,0 +1,33 @@
+# MrTrust Integration Prompt
+
+Use this prompt in another Windows project when you want Codex or another agent to add MrTrust support.
+
+```text
+Integrate MrTrust support into this Windows project.
+
+Goal:
+- Users should be able to run MrTrust once to trust software from MrSphay on their own PC.
+- The project must not disable Defender, SmartScreen, UAC, or Windows security policy.
+- All trust changes must be visible and require explicit user confirmation.
+
+Implementation requirements:
+- Add a docs section that explains MrTrust and links to or bundles the MrTrust release ZIP.
+- Add a build or release signing step that signs Windows artifacts with the MrSphay code-signing certificate.
+- Do not commit any .pfx file, private key, certificate password, or signing secret.
+- If the project has an installer, add an optional "Open MrTrust" action that runs:
+  powershell.exe -ExecutionPolicy Bypass -File .\MrTrust\MrTrust.ps1 gui
+- Prefer CurrentUser certificate installation by default.
+- Only offer LocalMachine installation when the user explicitly chooses an all-users install and the process is elevated.
+- Add an uninstall path or documentation that runs:
+  powershell.exe -ExecutionPolicy Bypass -File .\MrTrust\MrTrust.ps1 uninstall
+- Keep the UI wording clear: the user is trusting MrSphay signed software, not bypassing Windows security.
+- If this project produces an .exe, .msi, .dll, .ps1, .psm1, .psd1, or .cat release artifact, sign it with:
+  powershell.exe -ExecutionPolicy Bypass -File .\MrTrust\MrTrust.ps1 sign -Path <artifact-path> -CertificateThumbprint A024A89200469F099EC4A172B4F96F6428AFD41B
+- Treat the certificate thumbprint as public metadata, but never commit private signing material.
+
+Verification:
+- Confirm unsigned builds still show as unsigned.
+- Confirm signed builds validate after MrTrust installation.
+- Confirm the MrTrust certificate can be removed again.
+- Confirm no private signing material is present in the repository or release artifact.
+```

docs/security-model.md

@@ -0,0 +1,40 @@
+# MrTrust Security Model
+
+MrTrust is a trust bootstrapper, not a security bypass.
+
+## Allowed Behavior
+
+- Import a public MrSphay certificate into Windows certificate stores after explicit user approval.
+- Sign MrSphay build artifacts with a private code-signing certificate kept outside git.
+- Provide an uninstall script that removes the same certificate again.
+
+## Disallowed Behavior
+
+- Disabling Microsoft Defender.
+- Disabling SmartScreen.
+- Silently modifying certificate stores.
+- Installing private keys on user machines.
+- Hiding certificate installation inside unrelated app actions.
+- Shipping `.pfx` files or signing passwords in a repository or release.
+
+## Recommended Stores
+
+For normal users:
+
+```text
+Cert:\CurrentUser\Root
+Cert:\CurrentUser\TrustedPublisher
+```
+
+For managed PCs or all-user installs:
+
+```text
+Cert:\LocalMachine\Root
+Cert:\LocalMachine\TrustedPublisher
+```
+
+The LocalMachine stores require administrator approval.
+
+## Residual Windows Warnings
+
+Even after MrTrust is installed, Windows can still block suspicious software. SmartScreen reputation, Defender detections, enterprise security policy, and downloaded-file mark-of-the-web behavior are separate from Authenticode trust.