- Expose backend functions to the webview as Tauri commands: annotate them with `#[tauri::command]` and register them in `Builder::default().invoke_handler(tauri::generate_handler![...])`. Only registered commands can be invoked, so keep that list to what the UI needs.
- Treat the frontend as untrusted input. A compromised webview (XSS, a malicious npm dependency) can call any registered command with arbitrary arguments, so validate and sanitize every argument inside the command itself; checks done in frontend code are not a security boundary.
- Minimize the APIs the webview can reach. In Tauri v1 trim the `tauri.allowlist` section of `tauri.conf.json`; in Tauri v2 the allowlist is replaced by capability files under `src-tauri/capabilities/`, where you grant only the permissions (and scopes) the app actually uses. Start from deny-all and add narrowly.
- Set a restrictive Content Security Policy in `tauri.conf.json` (`app.security.csp` in v2, `tauri.security.csp` in v1) so injected markup cannot load scripts from arbitrary origins; Tauri adds nonces and hashes for bundled assets at build time, so a strict `script-src` does not break the app's own bundle.
- Use `tauri::State<'_, T>` for shared application state: register the value once with `Builder::manage(...)` and Tauri injects it as a command argument. Wrap mutable fields in `Mutex` or `RwLock`, since commands may run concurrently, and map a poisoned lock to an error instead of unwrapping it.
- Use Tauri events for backend-to-frontend push: `app.emit()` in Rust (`emit_all` in v1), `listen()` from `@tauri-apps/api/event` in the frontend. Events are broadcast to every webview unless you use a targeted `emit_to`, so keep secrets out of event payloads.
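The following is an added example, not code from the page or from the Tauri project, showing the command and state pattern above with the validation done where it matters. It is written against the standard library only so it compiles on its own: the `AppState`, `NoteTitle`, `save_note` and `get_note` names and the size limits are assumptions, and the command functions take `&AppState` where the real command takes `tauri::State<'_, AppState>` (which derefs to `&AppState`, so the bodies are the same). The `#[tauri::command]` attribute and the `manage`/`generate_handler!` registration are shown in comments.

```rust
use std::collections::HashMap;
use std::sync::Mutex;

/// Shared state. In the hypothetical app it is registered once with
/// `tauri::Builder::default().manage(AppState::default())`; mutable data
/// sits behind a Mutex because commands can run concurrently.
#[derive(Default)]
pub struct AppState {
    notes: Mutex<HashMap<String, String>>,
}

/// Limits chosen for this example (assumed values).
pub const MAX_TITLE_LEN: usize = 64;
pub const MAX_BODY_LEN: usize = 16 * 1024;

/// Validated title. A newtype means the rest of the backend cannot
/// accidentally consume an unchecked string that came from the webview.
pub struct NoteTitle(String);

impl NoteTitle {
    /// Accept only a short, printable, single-line name. The frontend is
    /// untrusted: a compromised webview can invoke any registered command
    /// with arbitrary arguments, so this is the real boundary.
    pub fn parse(raw: &str) -> Result<Self, String> {
        if raw.is_empty() || raw.len() > MAX_TITLE_LEN {
            return Err(format!("title must be 1..={} bytes", MAX_TITLE_LEN));
        }
        if raw.chars().any(|c| c.is_control()) {
            return Err("title contains control characters".to_string());
        }
        // Titles become file names later in this hypothetical app, so refuse
        // separators and traversal components outright rather than sanitising.
        if raw == "." || raw == ".." || raw.chars().any(|c| matches!(c, '/' | '\\' | ':')) {
            return Err("title contains a path separator or traversal component".to_string());
        }
        Ok(NoteTitle(raw.to_string()))
    }

    pub fn as_str(&self) -> &str {
        &self.0
    }
}

/// Command body. In the app this is declared as
///   #[tauri::command]
///   fn save_note(state: tauri::State<'_, AppState>, title: String, body: String)
///       -> Result<usize, String>
/// and registered via `tauri::generate_handler![save_note, get_note]`.
/// Returning `Err(String)` surfaces as a rejected promise in the webview.
pub fn save_note(state: &AppState, title: String, body: String) -> Result<usize, String> {
    let title = NoteTitle::parse(&title)?;
    if body.len() > MAX_BODY_LEN {
        return Err(format!("body exceeds {} bytes", MAX_BODY_LEN));
    }
    // A poisoned lock means another command panicked mid-update; fail this
    // call instead of unwrap()-ing and taking the whole backend down.
    let mut notes = state
        .notes
        .lock()
        .map_err(|_| "state lock poisoned".to_string())?;
    notes.insert(title.as_str().to_string(), body);
    Ok(notes.len())
}

/// Read side: the same validation applies even though this command only
/// looks a value up, because the key came from the webview too.
pub fn get_note(state: &AppState, title: String) -> Result<Option<String>, String> {
    let title = NoteTitle::parse(&title)?;
    let notes = state
        .notes
        .lock()
        .map_err(|_| "state lock poisoned".to_string())?;
    Ok(notes.get(title.as_str()).cloned())
}

fn main() {
    let state = AppState::default();
    println!("{:?}", save_note(&state, "todo".into(), "buy milk".into()));
    println!("{:?}", save_note(&state, "../etc/passwd".into(), "x".into()));
    println!("{:?}", get_note(&state, "todo".into()));
}
```

Validation lives in `NoteTitle::parse`, not in the frontend and not scattered through each command, so adding a third command that takes a title cannot forget the checks; the command signatures stay identical to what Tauri expects, with `State<'_, T>` substituted for `&T`.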