The current version of the windows app is packaged to run at full trust when all it needs is:
access to the working directory to read .git folder with the repo
internet client access to submit reports
access to AppData...\stackmuncher\ folder to cache the reports locally, which is granted to all apps by default
The rules are stored in the application folder under C:\Program Files\WindowsApps\stackmuncher....\ as part of the package. The app has access to that by default.
Partially-trusted apps trip over git access because WinApps cannot launch another process. We'd need to bundle mingit with it: https://github.com/git-for-windows/git/releases and launch it from the app's folder, which is apparently allowed.
A better alternative is to use GitOxide as per #15
File access
The current version of the windows app is packaged to run at full trust when all it needs is:
The rules are stored in the application folder under C:\Program Files\WindowsApps\stackmuncher....\ as part of the package. The app has access to that by default.
According to https://docs.microsoft.com/en-us/archive/msdn-magazine/2018/may/universal-windows-platform-closing-uwp-win32-gaps#console-uwp-apps it is possible to declare the app as a console app which grants it access to the current working directory - the directory it was launched from.
I tried to follow the example, but it didn't work - the app installed, ran and tripped over access to the project dir - the current dir.
It is not clear if this applies to Win32 apps, but is worth trying.
Related:
Git access
Partially-trusted apps trip over git access because WinApps cannot launch another process. We'd need to bundle mingit with it: https://github.com/git-for-windows/git/releases and launch it from the app's folder, which is apparently allowed. A better alternative is to use GitOxide as per #15