tauri-security

When to use this skill

ALWAYS use this skill when the user mentions:

• Capability or scope design for Tauri v2
• Building or editing capabilities/default.json
• ACL-based permission control or audit

Trigger phrases include:

• "capabilities", "scope", "ACL", "permissions", "capabilities json", "minimum privilege"

How to use this skill

1. Create capabilities/default.json in src-tauri/capabilities/:

   {
     "identifier": "default",
     "description": "Main window capabilities",
     "windows": ["main"],
     "permissions": [
       "core:default",
       "dialog:allow-open",
       { "identifier": "fs:allow-read-text-file", "allow": [{ "path": "$APPDATA/**" }] },
       { "identifier": "http:default", "allow": [{ "url": "https://api.example.com/**" }] }
     ]
   }
   

2. Map features to capabilities: Each feature should use the minimum permissions required
3. Define scoped access to restrict file paths, URLs, and other resources:

   { "identifier": "fs:allow-write-text-file", "allow": [{ "path": "$APPDATA/config/**" }] }
   

4. Assign capabilities per window -- different windows can have different permission sets
5. Audit permissions before release: remove any unused permissions, verify scope restrictions
6. Validate at runtime by testing that restricted operations correctly fail outside their scope

Outputs

• capabilities/default.json with minimal permissions
• Feature-to-capability mapping
• Scoped access rules for files, URLs, and plugins
• Permission audit checklist

References

• https://v2.tauri.app/security/capabilities/
• https://v2.tauri.app/security/scope/

Keywords

tauri security, capabilities, scope, ACL, permissions, minimum privilege