tauri-framework-security

When to use this skill

ALWAYS use this skill when the user mentions:

• Tauri v2 security hardening or audit
• CSP, HTTP headers, or runtime authority configuration
• Building a capability matrix for minimum-privilege access

Trigger phrases include:

• "security hardening", "CSP", "security audit", "capability matrix", "runtime authority"

How to use this skill

1. Build a capability matrix mapping each feature to minimum-required permissions:

   Feature         | Plugin     | Permission              | Scope
   Read user files | fs         | fs:allow-read-text-file | $DOCUMENT/**
   Send API calls  | http       | http:default            | https://api.example.com/**
   Notifications   | notification | notification:allow-notify | (no scope)
   

2. Configure CSP in tauri.conf.json:

   { "app": { "security": { "csp": "default-src 'self'; connect-src 'self' https://api.example.com" } } }
   

3. Set HTTP headers for additional security:

   { "app": { "security": { "headers": { "X-Content-Type-Options": "nosniff" } } } }
   

4. Review runtime authority: Ensure each window only has the capabilities it needs
5. Audit plugin permissions against actual usage -- remove any permissions not actively required
6. Produce a release security checklist: CSP validated, headers set, capabilities minimized, no debug permissions in production

Outputs

• Capability matrix with minimal scope per feature
• CSP and HTTP headers configuration
• Release security audit checklist

References

• https://v2.tauri.app/security/
• https://v2.tauri.app/security/capabilities/
• https://v2.tauri.app/security/csp/

Keywords

tauri security, CSP, hardening, capability matrix, runtime authority, audit