tauri
Installation
SKILL.md
Tauri Patterns
Reference Repositories
- Tauri: Desktop app framework with Rust backend and web frontend
Upstream Grounding
When Tauri command behavior, permissions, capabilities, CSP, asset protocols, path APIs, plugin filesystem behavior, or IPC semantics affect correctness, use source-backed grounding before relying on memory. If DeepWiki MCP is available, ask a narrow question against tauri-apps/tauri; if it is unavailable or the repo is not indexed, use upstream source or official docs directly. Treat DeepWiki as orientation, then verify decisive details against local generated bindings, installed Rust crates, TypeScript types, source, or official docs before changing code.
Skip DeepWiki for repo-local command naming and app-specific wrapper conventions already visible in the code.
Commands, Permissions, And Security
- Expose focused Rust APIs with
#[tauri::command], register them withgenerate_handler!, and returnResult<T, E>for fallible work. - Validate command inputs on the Rust side. TypeScript callers are not the trust boundary.
- Keep capabilities least-privilege in
app.security.capabilities, scoped to the windows or webviews that need them. Avoid broad permission wildcards. - Treat CSP,
devCsp, asset protocol configuration,convertFileSrc,freezePrototype, and remote IPC as security-sensitive config. - Long-lived Rust objects should be Tauri resources with frontend
ResourceIds. Do not serialize complex long-lived objects through command responses.