Tauri Native Api Integration Skill
-
Utilize Tauri's APIs for native desktop integration (file system access, system tray, etc.).
-
Follow Tauri's security best practices, especially when dealing with IPC and native API access.
-
Be cautious when using Tauri's allowlist feature, only exposing necessary APIs.
Iron Laws
-
NEVER expose all Tauri commands without an allowlist — use explicit permission-based access
-
ALWAYS validate all IPC inputs on the Rust side — never trust the frontend
-
NEVER perform synchronous I/O in Tauri command handlers — always use async
-
ALWAYS use tauri-specta to generate TypeScript types from Rust structs for type safety
-
NEVER transfer large data synchronously over IPC — use streaming or chunking
Anti-Patterns
Anti-Pattern Why It Fails Correct Approach
No command allowlist All Rust functions exposed to frontend; attack surface maximized Allowlist only specific commands needed by the frontend
Trusting frontend input Malicious payloads can exploit Rust code Validate and sanitize all IPC inputs on the Rust side
Synchronous I/O in commands Blocks the Tauri event loop; UI freezes Use async Rust for all I/O operations in command handlers
Missing TypeScript types Runtime type mismatches between Rust and frontend Use tauri-specta to generate TypeScript types from Rust structs
Large synchronous data transfers IPC bottleneck causes UI stuttering Stream or chunk large data; avoid transferring full datasets over IPC
Memory Protocol (MANDATORY)
Before starting:
cat .claude/context/memory/learnings.md
After completing: Record any new patterns or exceptions discovered.
ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.