generated from MrSphay/codex-agent-repository-kit
# Agent Instructions For MrTrust

MrTrust manages explicit Windows certificate trust for MrSphay software.

## Security Boundaries

- Do not add Defender, SmartScreen, UAC, firewall, or policy bypasses.
- Do not add silent certificate installation.
- Do not commit `.pfx`, private keys, passwords, tokens, or signing secrets.
- Default to `CurrentUser` certificate stores. Use `LocalMachine` only when the user explicitly chooses all-user trust.
- Keep all user-facing trust actions reversible.

## Repository Layout

- `scripts/` contains the PowerShell implementation.
- `assets/certificates/` contains public certificates only.
- `private/` is ignored and may contain local signing material.
- `docs/integration-prompt.md` is the prompt for adding MrTrust to other projects.
- `docs/agent-target-integration.md` is the autonomous runbook for agents modifying target projects.
- `mrtrust.integration.json` is the machine-readable integration contract.
- `docs/security-model.md` documents the intended behavior and limits.
- `MrTrust.exe` is the user-facing standalone trust installer. The PowerShell scripts are source/build internals.

## Verification

Before finishing changes, run:

```powershell
# Parse every script in scripts/ and fail on the first file with syntax errors.
$scripts = Get-ChildItem .\scripts -Filter *.ps1
foreach ($script in $scripts) {
    $tokens = $null
    $errors = $null
    [System.Management.Automation.Language.Parser]::ParseFile($script.FullName, [ref]$tokens, [ref]$errors) | Out-Null
    if ($errors) { throw $errors }
}
# Report whitespace errors and leftover conflict markers in the working tree diff.
git diff --check
```
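
The Security Boundaries and Repository Layout rules on key material can be checked mechanically in the same step. The script below is an added example, not part of the MrTrust repository: it assumes it is run from the repository root, that `assets/certificates/` holds nothing but certificate files, and that the extension list and PEM marker pattern (both chosen here for illustration) cover the key formats in use.

```powershell
# Added example (not MrTrust's own code): fail when key material is tracked by git
# or when assets/certificates/ holds anything other than public certificates.
$ErrorActionPreference = 'Stop'
$problems = [System.Collections.Generic.List[string]]::new()

# 1. Nothing in the git index may look like a key container.
#    The extension list is an assumption; extend it for other formats you use.
$secretExtensions = '.pfx', '.p12', '.key', '.pvk'
foreach ($path in (git ls-files --cached)) {
    $extension = [System.IO.Path]::GetExtension($path).ToLowerInvariant()
    if ($secretExtensions -contains $extension) {
        $problems.Add("tracked secret-like file: $path")
    }
}

# 2. Every file under assets/certificates/ must load as a certificate
#    and must not carry a private key.
$cert = $null
foreach ($file in Get-ChildItem .\assets\certificates -File -Recurse) {
    $text = Get-Content -LiteralPath $file.FullName -Raw
    if ($text -match '-----BEGIN [A-Z ]*PRIVATE KEY-----') {
        $problems.Add("PEM private key block in: $($file.FullName)")
        continue
    }
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
        if ($cert.HasPrivateKey) {
            $problems.Add("certificate carries a private key: $($file.FullName)")
        }
    } catch {
        # Password-protected PKCS#12 files and non-certificate files end up here.
        $problems.Add("not a loadable public certificate: $($file.FullName)")
    } finally {
        if ($cert) { $cert.Dispose(); $cert = $null }
    }
}

if ($problems.Count) { throw ($problems -join [Environment]::NewLine) }
```

A password-protected `.pfx` renamed to `.cer` fails to load and is reported by the `catch` branch, so renaming a key container does not get it past the check.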