MrSphay/MrTrust
1
0
Fork 0
generated from MrSphay/codex-agent-repository-kit
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
6 Commits 1 Branch 5 Tags
93ca15a8815fb0d7fd9b8e92218389f1132c6c90
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
MrSphay 93ca15a881
All checks were successful
Build MrTrust / build (push) Successful in 3m49s
Details
Make MrTrust executable standalone
2026-05-16 01:21:52 +02:00
.gitea/workflows
Make MrTrust executable standalone
2026-05-16 01:21:52 +02:00
assets
Polish GUI and add app icon
2026-05-16 00:14:46 +02:00
docs
Add MrTrust GUI and Gitea release build
2026-05-15 23:47:10 +02:00
files
Initial commit
2026-05-15 21:18:19 +00:00
profiles
Initial commit
2026-05-15 21:18:19 +00:00
scripts
Make MrTrust executable standalone
2026-05-16 01:21:52 +02:00
src
Make MrTrust executable standalone
2026-05-16 01:21:52 +02:00
.gitignore
Add MrTrust GUI and Gitea release build
2026-05-15 23:47:10 +02:00
agent-quickstart.md
Initial commit
2026-05-15 21:18:19 +00:00
AGENTS.md
Add MrTrust GUI and Gitea release build
2026-05-15 23:47:10 +02:00
CHANGELOG.md
Polish GUI and add app icon
2026-05-16 00:14:46 +02:00
existing-project.md
Initial commit
2026-05-15 21:18:19 +00:00
manifest.json
Initial commit
2026-05-15 21:18:19 +00:00
manifest.schema.json
Initial commit
2026-05-15 21:18:19 +00:00
MrTrust.ps1
Add MrTrust GUI and Gitea release build
2026-05-15 23:47:10 +02:00
new-repository.md
Initial commit
2026-05-15 21:18:19 +00:00
README.md
Make MrTrust executable standalone
2026-05-16 01:21:52 +02:00

README.md

MrTrust

MrTrust is a small Windows trust-onboarding kit for MrSphay software.

It is designed for this workflow:

  1. MrSphay creates a private code-signing certificate once.
  2. MrSphay publishes only the public trust certificate with MrTrust.
  3. A user runs MrTrust once and explicitly approves installing that public certificate.
  4. MrSphay projects signed with the matching certificate chain are shown as trusted on that PC.

MrTrust does not bypass Microsoft Defender or SmartScreen. Windows can still scan, quarantine, or warn about suspicious files. This project only manages normal Windows certificate trust with visible user consent.

What It Contains

  • MrTrust.ps1 gui opens a simple Windows interface for installing or removing trust.
  • scripts/New-MrTrustCertificate.ps1 creates a local root certificate and a code-signing certificate for the publisher.
  • scripts/Install-MrTrust.ps1 installs the public trust certificate for the current user or the local machine.
  • scripts/Uninstall-MrTrust.ps1 removes the MrTrust certificate again.
  • scripts/Sign-MrTrustProject.ps1 signs .exe, .msi, .ps1, and other Authenticode-compatible files.
  • scripts/New-MrTrustRelease.ps1 builds a distributable ZIP package.
  • docs/integration-prompt.md is a prompt you can paste into other Windows projects.
  • MrTrust.exe is standalone for normal users. It embeds the public certificates and runtime scripts.

Quick Start For MrSphay

Create the certificates:

.\scripts\New-MrTrustCertificate.ps1

This writes:

  • public certificates to assets\certificates\
  • private signing material to private\

The private\ directory is ignored by git. Do not publish .pfx files or passwords.

Install the public trust certificate on your own PC:

.\MrTrust.ps1 install

Open the GUI:

.\MrTrust.ps1 gui

Sign another project build:

.\MrTrust.ps1 sign `
  -Path "C:\Path\To\App.exe" `
  -PfxPath ".\private\MrSphay-CodeSigning.pfx"

Remove the trust certificate:

.\MrTrust.ps1 uninstall

Build a user-facing ZIP release:

.\scripts\New-MrTrustRelease.ps1 -Version 0.1.1

The Gitea workflow .gitea/workflows/build.yml builds the Windows launcher EXE on an ubuntu-latest runner with .NET Windows cross-targeting, then uploads the ZIP as an artifact.

User Installation

For normal users, distribute MrTrust.exe. The executable embeds the public certificate files and opens the GUI by default.

By default, MrTrust installs trust only for the current Windows user:

Root certificate -> Cert:\CurrentUser\Root
Code-signing certificate -> Cert:\CurrentUser\TrustedPublisher

For all users on the machine, run PowerShell as Administrator:

.\MrTrust.ps1 install -Scope LocalMachine

Using This Repo With Other Agents

Yes. Give another agent this repository URL and the target Windows project, then paste docs/integration-prompt.md.

Both sides have to be wired:

  • MrTrust side: users install the public trust certificates once.
  • Target project side: release artifacts are signed with the MrSphay code-signing certificate.
  • Installer side, optional: the target app can offer "Open MrTrust" or bundle the MrTrust ZIP, but it must not silently change trust.

If the target project is not signed, MrTrust cannot make it trusted.

Important Limits

  • This only helps for programs signed with the matching MrSphay certificate chain.
  • It does not make unsigned programs trusted.
  • It does not disable Defender, SmartScreen, UAC, or enterprise policies.
  • Public distribution without warnings is still best handled with a recognized commercial code-signing certificate.

Recommended Project Integration

Use docs/integration-prompt.md in another Windows project. The prompt tells Codex or another assistant to add a visible trust check, a link or bundled copy of MrTrust, and a signing step without hiding security changes from the user.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 203 KiB
Releases 5
MrTrust v0.1.4 Latest
2026-05-16 11:43:52 +00:00
Languages
PowerShell 85.4%
C# 11.9%
Shell 2.7%