MrSphay/MrTrust
1
0
Fork 0
generated from MrSphay/codex-agent-repository-kit
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
Files
631a66dab120cb1f895b1599c43c522e896214c3
MrTrust/docs/integration-prompt.md
MrSphay 631a66dab1 0.1.3 
Added Ubuntu-runner signing support through osslsigncode and PFX secrets.
2026-05-16 03:08:43 +02:00

49 lines
3.1 KiB
Markdown
Raw Blame History

# MrTrust Integration Prompt
Use this prompt in another Windows project when you want Codex or another agent to add MrTrust support.
Before changing the target project, read:
- `mrtrust.integration.json`
- `docs/agent-target-integration.md`
```text
Integrate MrTrust support into this Windows project.
Goal:
- Users should be able to run MrTrust once to trust software from MrSphay on their own PC.
- The project must not disable Defender, SmartScreen, UAC, or Windows security policy.
- All trust changes must be visible and require explicit user confirmation.
Agent contract:
- You are modifying the target Windows project, not MrTrust itself.
- Use `mrtrust.integration.json` and `docs/agent-target-integration.md` as the authoritative integration contract.
- Add MrTrust as a visible, optional trust-onboarding path for users.
- Add or update the target project's release/signing pipeline so produced Windows artifacts are signed.
- Do not mark the task complete after only copying documentation. The target project needs user-facing integration and signing support where applicable.
Implementation requirements:
- Add a docs section that explains MrTrust and links to or bundles the MrTrust release ZIP.
- Treat `MrTrust.exe` from the release ZIP as the user-facing integration point. Do not require users to copy or run MrTrust PowerShell source files.
- Add a build or release signing step that signs Windows artifacts with the MrSphay code-signing certificate.
- Do not commit any .pfx file, private key, certificate password, or signing secret.
- If the project has an installer, add an optional "Open MrTrust" action that runs:
.\MrTrust\MrTrust.exe
- Prefer CurrentUser certificate installation by default.
- Only offer LocalMachine installation when the user explicitly chooses an all-users install and the process is elevated.
- Add an uninstall path or documentation that opens MrTrust again and tells the user to choose "Remove trust".
- Keep the UI wording clear: the user is trusting MrSphay signed software, not bypassing Windows security.
- If this project produces an .exe, .msi, .dll, or .cat release artifact on an Ubuntu Gitea runner, sign it with:
bash ./MrTrust/scripts/Sign-MrTrustProjectLinux.sh <artifact-path>
- Treat the certificate thumbprint as public metadata, but never commit private signing material.
- Configure Gitea secrets `MRTRUST_CODESIGN_PFX_BASE64` and `MRTRUST_CODESIGN_PFX_PASSWORD` for Ubuntu runner signing.
- If the target project needs .ps1, .psm1, or .psd1 signing, use a Windows signing environment or document that script signing is not available on the current Ubuntu-only runners.
- Do not put private signing material into the target repository or user-facing release ZIP.
Verification:
- Confirm the target project's user-facing release contains either a link to the MrTrust release ZIP or a bundled copy of `MrTrust.exe`.
- Confirm unsigned builds still show as unsigned.
- Confirm signed builds validate after MrTrust installation.
- Confirm the MrTrust certificate can be removed again.
- Confirm no private signing material is present in the repository or release artifact.
```
Reference in New Issue View Git Blame Copy Permalink