fix(capabilities): drop unused opener plugin and greet template cmd #76
Merged
Audit of the Tauri capability + permission surface (ADR 0011) found the model is already principled — no wildcard grants, no fs/shell/http plugins, every command explicitly allow-listed, zero drift between registered and permitted command sets. Two concrete dead-surfaces surfaced and are removed here.

1. `greet` template command — Tauri scaffold hello-world, zero callers from frontend or backend. Removed from registry.rs, default.toml, app_core_commands.rs, and the orphaned duplicate in commands/mod.rs. Build regenerates permissions/autogenerated/greet.toml (gitignored).
2. `tauri-plugin-opener` — registered in lib.rs and granted `opener:default`, but the only `opener` reference in source code is the unrelated HTML `rel="noopener noreferrer"` attribute. No frontend or backend call to openUrl/revealItemInDir. Removed the dep, the plugin init, and the capability grant (also shrinks Cargo.lock by 178 lines of transitive deps).

Non-changes (captured as follow-up in ADR 0011):
- 70 commands permitted but never invoked from production frontend (e.g., start_kb_watcher, has_hf_token, list_jobs). Needs per-item review before removal — some may be planned, some dead.
- `core:default` aggregates tray/menu/image/window/webview sub-perms that appear unused, but narrowing carries regression risk without end-to-end UI verification.

Verified: cargo check --all-targets clean.
Summary
Audit of the Tauri capability + permission surface (ADR 0011). The model is already principled — no wildcard grants, no `fs/shell/http` plugins, every command explicitly allow-listed, and zero drift between the registered and permitted command sets. Two concrete dead-surfaces surfaced and are removed here.

Removed
- `greet` template command — Tauri scaffold hello-world, zero callers from frontend or backend. Removed from `registry.rs`, `permissions/default.toml`, `app_core_commands.rs`, and the orphaned duplicate in `commands/mod.rs`. The build regenerates `permissions/autogenerated/greet.toml` (gitignored).
- `tauri-plugin-opener` — registered in `lib.rs` and granted `opener:default`, but the only `opener` occurrence in source code is the unrelated HTML `rel="noopener noreferrer"` attribute. No call to `openUrl` or `revealItemInDir`. Removed the dep, the plugin init, and the capability grant. Cargo.lock shrinks by 178 lines of transitive deps.

Not changed (ADR 0011 captures as follow-up)
- `start_kb_watcher`, `has_hf_token`, `list_jobs`, `process_ocr`, …). Each needs per-item verification before removal — some may be planned-but-unwired, some dead-from-deferred-features. Explicitly avoided to prevent the false-positive pattern flagged in prior audits.
- `core:default` sub-permission narrowing (`tray`, `menu`, `image`, `window`, `webview` appear unused). Defer until end-to-end UI regression can be verified.

Audit artifact
`docs/adr/0011-tauri-capabilities-audit.md` documents the methodology, findings, and the reproducible `comm(1)` script to re-run the audit on future commits.

Test plan
- `cargo check --all-targets` — clean
- `backend-tests` green (pnpm test:ci + security-regression)
- `build` green (`pnpm tauri build` succeeds without opener plugin)

🤖 Generated with Claude Code
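
A `comm(1)`-based check for drift between the registered and permitted command sets, as an added example; this is not the ADR 0011 script or any code from the project. It assumes handlers are listed in `tauri::generate_handler![...]` and that `default.toml` grants them as `allow-<cmd>` identifiers with underscores written as hyphens; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the ADR 0011 script). Assumed formats: handlers listed in
# tauri::generate_handler![...]; default.toml grants them as "allow-<cmd>"
# with underscores written as hyphens.
export LC_ALL=C   # sort(1) and comm(1) must agree on collation

# Command names registered in generate_handler![...], one per line, sorted.
registered_cmds() {
  sed 's#//.*##' "$1" | tr '\n' ' ' |
    sed -n 's/.*generate_handler!\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' | sed -e 's/[[:space:]]//g' -e 's/.*:://' |
    grep -E '^[a-z_][a-z0-9_]*$' | sort -u
}

# Command names granted by "allow-<cmd>" entries, one per line, sorted.
# Plugin grants such as "opener:default" do not match and are ignored.
permitted_cmds() {
  sed 's/#.*//' "$1" | grep -oE '"allow-[a-z0-9-]+"' |
    sed -e 's/"//g' -e 's/^allow-//' -e 's/-/_/g' | sort -u
}

# Print drift in both directions; empty output means the two sets match.
drift() {
  reg=$(mktemp); perm=$(mktemp)
  registered_cmds "$1" >"$reg"; permitted_cmds "$2" >"$perm"
  comm -23 "$reg" "$perm" | sed 's/^/registered-not-permitted /'
  comm -13 "$reg" "$perm" | sed 's/^/permitted-not-registered /'
  rm -f "$reg" "$perm"
}

# Constructed sample input: greet is still granted although its handler is
# commented out, and list_jobs is registered without a grant.
sample=$(mktemp -d)
cat >"$sample/registry.rs" <<'EOF'
tauri::generate_handler![
    commands::has_hf_token,
    // commands::greet,
    commands::list_jobs,
    start_kb_watcher,
]
EOF
cat >"$sample/default.toml" <<'EOF'
[default]
permissions = ["allow-greet", "allow-has-hf-token", "allow-start-kb-watcher"]
EOF
drift "$sample/registry.rs" "$sample/default.toml"
```

A `permitted-not-registered` line is the dead-grant case this PR cleans up; in CI the check can fail the build whenever `drift` prints anything.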