MrSphay/MrTrust
1
0
Fork 0
generated from MrSphay/codex-agent-repository-kit
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
17 Commits 1 Branch 5 Tags
e37a0b56c4b2188e93b31b01b02abe86c82d183f
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
MrSphay e37a0b56c4
All checks were successful
Build MrTrust / build (push) Successful in 4m24s
Details
Limit release upload to push runs
2026-05-16 03:28:54 +02:00
.gitea/workflows
Limit release upload to push runs
2026-05-16 03:28:54 +02:00
assets
Polish GUI and add app icon
2026-05-16 00:14:46 +02:00
docs
0.1.3
2026-05-16 03:08:43 +02:00
files
Initial commit
2026-05-15 21:18:19 +00:00
profiles
Initial commit
2026-05-15 21:18:19 +00:00
scripts
Add Linux signing helper payload
2026-05-16 03:20:41 +02:00
src
Add Linux signing helper payload
2026-05-16 03:20:41 +02:00
.gitignore
Add MrTrust GUI and Gitea release build
2026-05-15 23:47:10 +02:00
agent-quickstart.md
Initial commit
2026-05-15 21:18:19 +00:00
AGENTS.md
Add autonomous MrTrust target integration contract
2026-05-16 02:03:25 +02:00
CHANGELOG.md
0.1.3
2026-05-16 03:08:43 +02:00
existing-project.md
Initial commit
2026-05-15 21:18:19 +00:00
manifest.json
Add autonomous MrTrust target integration contract
2026-05-16 02:03:25 +02:00
manifest.schema.json
Add autonomous MrTrust target integration contract
2026-05-16 02:03:25 +02:00
mrtrust.integration.json
0.1.3
2026-05-16 03:08:43 +02:00
MrTrust.ps1
Add MrTrust GUI and Gitea release build
2026-05-15 23:47:10 +02:00
new-repository.md
Initial commit
2026-05-15 21:18:19 +00:00
README.md
0.1.3
2026-05-16 03:08:43 +02:00

README.md

MrTrust

MrTrust is a small Windows trust-onboarding kit for MrSphay software.

It is designed for this workflow:

  1. MrSphay creates a private code-signing certificate once.
  2. MrSphay publishes only the public trust certificate with MrTrust.
  3. A user runs MrTrust once and explicitly approves installing that public certificate.
  4. MrSphay projects signed with the matching certificate chain are shown as trusted on that PC.

MrTrust does not bypass Microsoft Defender or SmartScreen. Windows can still scan, quarantine, or warn about suspicious files. This project only manages normal Windows certificate trust with visible user consent.

What It Contains

  • MrTrust.exe opens a standalone Windows interface for installing or removing trust.
  • MrTrust.ps1 and scripts/ are source and maintainer tools for building, signing, and local development.
  • scripts/New-MrTrustCertificate.ps1 creates a local root certificate and a code-signing certificate for the publisher.
  • scripts/Install-MrTrust.ps1 installs the public trust certificate for the current user or the local machine.
  • scripts/Uninstall-MrTrust.ps1 removes the MrTrust certificate again.
  • scripts/Sign-MrTrustProject.ps1 signs .exe, .msi, .ps1, and other Authenticode-compatible files.
  • scripts/Sign-MrTrustProjectLinux.sh signs Windows PE/MSI/CAT artifacts on Ubuntu Gitea runners with osslsigncode.
  • scripts/New-MrTrustRelease.ps1 builds a distributable ZIP package.
  • docs/integration-prompt.md is a prompt you can paste into other Windows projects.
  • docs/agent-target-integration.md is the autonomous target-project integration runbook for agents.
  • mrtrust.integration.json is the machine-readable integration contract.
  • MrTrust.exe is standalone for normal users. It embeds the public certificates and runtime scripts.

Quick Start For MrSphay

Create the certificates:

.\scripts\New-MrTrustCertificate.ps1

This writes:

  • public certificates to assets\certificates\
  • private signing material to private\

The private\ directory is ignored by git. Do not publish .pfx files or passwords.

Install the public trust certificate on your own PC:

.\MrTrust.ps1 install

Open the GUI:

.\MrTrust.ps1 gui

Sign another project build:

.\MrTrust.ps1 sign `
  -Path "C:\Path\To\App.exe" `
  -PfxPath ".\private\MrSphay-CodeSigning.pfx"

Remove the trust certificate:

.\MrTrust.ps1 uninstall

Build a user-facing ZIP release:

.\scripts\New-MrTrustRelease.ps1 -Version 0.1.3

The Gitea workflow .gitea/workflows/build.yml builds the Windows launcher EXE on an ubuntu-latest runner with .NET Windows cross-targeting, then uploads the ZIP as an artifact.

User Installation

For normal users, distribute MrTrust.exe. The executable embeds the public certificate files and opens the GUI by default.

By default, MrTrust installs trust only for the current Windows user:

Root certificate -> Cert:\CurrentUser\Root
Code-signing certificate -> Cert:\CurrentUser\TrustedPublisher

For all users on the machine, run PowerShell as Administrator:

.\MrTrust.exe

Then choose the all-users option in the GUI.

Using This Repo With Other Agents

Yes. Give another agent this repository URL, the target Windows project, and docs/integration-prompt.md.

For autonomous work, the agent should read these files in order:

  1. mrtrust.integration.json
  2. docs/agent-target-integration.md
  3. docs/integration-prompt.md

The agent's job is to modify the target project, not this repository:

  • expose a visible "Open MrTrust" or trust setup path for users
  • link to or bundle the standalone MrTrust.exe
  • sign Windows release artifacts with the MrSphay code-signing certificate
  • keep trust installation explicit, reversible, and user-confirmed
  • keep private signing material out of the target repository and release artifacts

Both sides have to be wired:

  • MrTrust side: users install the public trust certificates once.
  • Target project side: release artifacts are signed with the MrSphay code-signing certificate.
  • Installer side, optional: the target app can offer "Open MrTrust" or bundle MrTrust.exe, but it must not silently change trust.

If the target project is not signed, MrTrust cannot make it trusted.

Important Limits

  • This only helps for programs signed with the matching MrSphay certificate chain.
  • It does not make unsigned programs trusted.
  • It does not disable Defender, SmartScreen, UAC, or enterprise policies.
  • Public distribution without warnings is still best handled with a recognized commercial code-signing certificate.

Recommended Project Integration

Use docs/integration-prompt.md in another Windows project. The prompt tells Codex or another assistant to add a visible trust check, a link or bundled copy of the standalone MrTrust.exe, and a signing step without hiding security changes from the user.

For agents that can inspect files autonomously, docs/agent-target-integration.md gives the decision tree, installer patterns, signing commands, and completion checklist.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 203 KiB
Releases 5
MrTrust v0.1.4 Latest
2026-05-16 11:43:52 +00:00
Languages
PowerShell 85.4%
C# 11.9%
Shell 2.7%