Runtime Packaging

Pending

Desktop shell

Desktop Runtime

Tauri v2 wraps the existing read-only shell while signing, credentials, local commands, and desktop automation stay gated.

Runtime

Tauri v2

read only shell / repo plan

Scaffold

local

6 native files, 0 permissions.

Blocked gates

6

Credentials or approvals required before native release work.

Runtime Boundary

Tauri keeps the native wrapper thin while the VDS control plane remains the source of operational truth.
The current desktop shell is wrapped by a minimal read-only scaffold before any privileged desktop capability exists.
Rust-side commands, local automation, keychain writes, and provider calls remain blocked until explicit approvals and audit policy exist.

Next safe command

npm run desktop:native:inspect

Release Gates

Runtime choice

runtime-choice

Local

Repo decision records Tauri v2 as the native shell path.

Rust toolchain

rust-toolchain

Needs credentials

Tauri requires Rust/Cargo before native builds can run locally or in CI.

macOS build host

macos-build-host

Needs credentials

macOS packaging requires an Apple build host with Xcode tooling.

Apple Developer account

apple-developer

Needs credentials

Distribution signing and notarization require Apple Developer credentials.

macOS signing identity

macos-signing

Needs credentials

Signing identity must be provided through keychain or approved CI secrets.

APPLE_SIGNING_IDENTITY

macOS notarization

macos-notarization

Needs credentials

Notarization credentials are required before public direct-download distribution.

APPLE_API_ISSUER, APPLE_API_KEY, APPLE_API_KEY_PATH

Updater signing

updater-signing

Pending

Auto-update signing keys are not generated or stored.

Accessibility automation

accessibility-automation

Needs approval

No local GUI automation is enabled without macOS Accessibility approval.

macos-accessibility-approval

Native Scaffold

Commands registered: no
Capability permissions: 0
Updater enabled: no

src-tauri/tauri.conf.json

Tauri v2 app, window, bundle, and security configuration.

Local

src-tauri/Cargo.toml

Rust crate manifest for the native wrapper only.

Local

src-tauri/build.rs

Tauri build hook.

Local

src-tauri/src/main.rs

Native process entrypoint.

Local

src-tauri/src/lib.rs

Tauri builder with no invoke handler or plugin commands.

Local

src-tauri/capabilities/read-only-shell.json

Explicit empty-permission capability for the main window.

Local

Package Targets

macos

.dmg

Pending

Direct-download macOS artifact after signing and notarization gates.

npm run desktop:tauri:build -- --bundles dmg

macos

.app

Pending

Local app bundle for development and signed test builds.

npm run desktop:tauri:build -- --bundles app

windows

.msi

Pending

Windows installer after signing strategy is defined.

npm run desktop:tauri:build -- --bundles msi

linux

.AppImage

Pending

Linux package after Linux dependency and signing policy is defined.

npm run desktop:tauri:build -- --bundles appimage

Blocked Actions

Generate native updater signing keys.
Store Apple credentials.
Run notarization.
Enable Rust-side shell commands.
Enable macOS Accessibility automation.

+8 more gated desktop actions locked