chore: update to tauri 3.0.0-alpha.9

autogenerated commands format changed, needed FS plugin small change
2026-06-20 14:50:07 +02:00 · 2026-06-18 17:29:56 -03:00
parent b7dab55a2e
commit 8049700614
216 changed files with 460 additions and 2217 deletions
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["enable","disable","is_enabled"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-disable"
-description = "Enables the disable command without any pre-configured scope."
-commands.allow = ["disable"]
-
-[[permission]]
-identifier = "deny-disable"
-description = "Denies the disable command without any pre-configured scope."
-commands.deny = ["disable"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-enable"
-description = "Enables the enable command without any pre-configured scope."
-commands.allow = ["enable"]
-
-[[permission]]
-identifier = "deny-enable"
-description = "Denies the enable command without any pre-configured scope."
-commands.deny = ["enable"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-is-enabled"
-description = "Enables the is_enabled command without any pre-configured scope."
-commands.allow = ["is_enabled"]
-
-[[permission]]
-identifier = "deny-is-enabled"
-description = "Denies the is_enabled command without any pre-configured scope."
-commands.deny = ["is_enabled"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-cancel"
-description = "Enables the cancel command without any pre-configured scope."
-commands.allow = ["cancel"]
-
-[[permission]]
-identifier = "deny-cancel"
-description = "Denies the cancel command without any pre-configured scope."
-commands.deny = ["cancel"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-check-permissions"
-description = "Enables the check_permissions command without any pre-configured scope."
-commands.allow = ["check_permissions"]
-
-[[permission]]
-identifier = "deny-check-permissions"
-description = "Denies the check_permissions command without any pre-configured scope."
-commands.deny = ["check_permissions"]
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["scan","cancel","request_permissions","check_permissions","open_app_settings","vibrate"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-open-app-settings"
-description = "Enables the open_app_settings command without any pre-configured scope."
-commands.allow = ["open_app_settings"]
-
-[[permission]]
-identifier = "deny-open-app-settings"
-description = "Denies the open_app_settings command without any pre-configured scope."
-commands.deny = ["open_app_settings"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-request-permissions"
-description = "Enables the request_permissions command without any pre-configured scope."
-commands.allow = ["request_permissions"]
-
-[[permission]]
-identifier = "deny-request-permissions"
-description = "Denies the request_permissions command without any pre-configured scope."
-commands.deny = ["request_permissions"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-scan"
-description = "Enables the scan command without any pre-configured scope."
-commands.allow = ["scan"]
-
-[[permission]]
-identifier = "deny-scan"
-description = "Denies the scan command without any pre-configured scope."
-commands.deny = ["scan"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-vibrate"
-description = "Enables the vibrate command without any pre-configured scope."
-commands.allow = ["vibrate"]
-
-[[permission]]
-identifier = "deny-vibrate"
-description = "Denies the vibrate command without any pre-configured scope."
-commands.deny = ["vibrate"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-authenticate"
-description = "Enables the authenticate command without any pre-configured scope."
-commands.allow = ["authenticate"]
-
-[[permission]]
-identifier = "deny-authenticate"
-description = "Denies the authenticate command without any pre-configured scope."
-commands.deny = ["authenticate"]
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["authenticate","status"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-status"
-description = "Enables the status command without any pre-configured scope."
-commands.allow = ["status"]
-
-[[permission]]
-identifier = "deny-status"
-description = "Denies the status command without any pre-configured scope."
-commands.deny = ["status"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-cli-matches"
-description = "Enables the cli_matches command without any pre-configured scope."
-commands.allow = ["cli_matches"]
-
-[[permission]]
-identifier = "deny-cli-matches"
-description = "Denies the cli_matches command without any pre-configured scope."
-commands.deny = ["cli_matches"]
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["cli_matches"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-clear"
-description = "Enables the clear command without any pre-configured scope."
-commands.allow = ["clear"]
-
-[[permission]]
-identifier = "deny-clear"
-description = "Denies the clear command without any pre-configured scope."
-commands.deny = ["clear"]
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["write_text","read_text","write_image","read_image","write_html","clear"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read-image"
-description = "Enables the read_image command without any pre-configured scope."
-commands.allow = ["read_image"]
-
-[[permission]]
-identifier = "deny-read-image"
-description = "Denies the read_image command without any pre-configured scope."
-commands.deny = ["read_image"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read-text"
-description = "Enables the read_text command without any pre-configured scope."
-commands.allow = ["read_text"]
-
-[[permission]]
-identifier = "deny-read-text"
-description = "Denies the read_text command without any pre-configured scope."
-commands.deny = ["read_text"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-write-html"
-description = "Enables the write_html command without any pre-configured scope."
-commands.allow = ["write_html"]
-
-[[permission]]
-identifier = "deny-write-html"
-description = "Denies the write_html command without any pre-configured scope."
-commands.deny = ["write_html"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-write-image"
-description = "Enables the write_image command without any pre-configured scope."
-commands.allow = ["write_image"]
-
-[[permission]]
-identifier = "deny-write-image"
-description = "Denies the write_image command without any pre-configured scope."
-commands.deny = ["write_image"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-write-text"
-description = "Enables the write_text command without any pre-configured scope."
-commands.allow = ["write_text"]
-
-[[permission]]
-identifier = "deny-write-text"
-description = "Denies the write_text command without any pre-configured scope."
-commands.deny = ["write_text"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["get_current","register","unregister","is_registered"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-get-current"
-description = "Enables the get_current command without any pre-configured scope."
-commands.allow = ["get_current"]
-
-[[permission]]
-identifier = "deny-get-current"
-description = "Denies the get_current command without any pre-configured scope."
-commands.deny = ["get_current"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-is-registered"
-description = "Enables the is_registered command without any pre-configured scope."
-commands.allow = ["is_registered"]
-
-[[permission]]
-identifier = "deny-is-registered"
-description = "Denies the is_registered command without any pre-configured scope."
-commands.deny = ["is_registered"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-register"
-description = "Enables the register command without any pre-configured scope."
-commands.allow = ["register"]
-
-[[permission]]
-identifier = "deny-register"
-description = "Denies the register command without any pre-configured scope."
-commands.deny = ["register"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-unregister"
-description = "Enables the unregister command without any pre-configured scope."
-commands.allow = ["unregister"]
-
-[[permission]]
-identifier = "deny-unregister"
-description = "Denies the unregister command without any pre-configured scope."
-commands.deny = ["unregister"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["open","save","message"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-message"
-description = "Enables the message command without any pre-configured scope."
-commands.allow = ["message"]
-
-[[permission]]
-identifier = "deny-message"
-description = "Denies the message command without any pre-configured scope."
-commands.deny = ["message"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-open"
-description = "Enables the open command without any pre-configured scope."
-commands.allow = ["open"]
-
-[[permission]]
-identifier = "deny-open"
-description = "Denies the open command without any pre-configured scope."
-commands.deny = ["open"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-save"
-description = "Enables the save command without any pre-configured scope."
-commands.allow = ["save"]
-
-[[permission]]
-identifier = "deny-save"
-description = "Denies the save command without any pre-configured scope."
-commands.deny = ["save"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -20,8 +20,6 @@ ios = { level = "partial", notes = "Access is restricted to Application folder b
 tauri-plugin = { workspace = true, features = ["build"] }
 schemars = { workspace = true }
 serde = { workspace = true }
-toml = "1.0"
-tauri-utils = { workspace = true }

 [dependencies]
 serde = { workspace = true }
@@ -7,8 +7,6 @@ use std::{
    path::{Path, PathBuf},
 };

-use tauri_utils::acl::manifest::PermissionFile;
-
 #[path = "src/scope.rs"]
 #[allow(dead_code)]
 mod scope;
@@ -77,35 +75,35 @@ const BASE_DIR_VARS: &[&str] = &[
    "APPCACHE",
    "APPLOG",
 ];
-const COMMANDS: &[(&str, &[&str])] = &[
-    ("mkdir", &[]),
-    ("create", &[]),
-    ("copy_file", &[]),
-    ("remove", &[]),
-    ("rename", &[]),
-    ("truncate", &[]),
-    ("ftruncate", &[]),
-    ("write", &[]),
-    ("write_file", &["open", "write"]),
-    ("write_text_file", &[]),
-    ("read_dir", &[]),
-    ("read_file", &[]),
-    ("read", &[]),
-    ("open", &[]),
-    ("read_text_file", &[]),
-    ("read_text_file_lines", &["read_text_file_lines_next"]),
-    ("read_text_file_lines_next", &[]),
-    ("seek", &[]),
-    ("stat", &[]),
-    ("lstat", &[]),
-    ("fstat", &[]),
-    ("exists", &[]),
-    ("watch", &[]),
+// `write_file` and `read_text_file_lines` allow nested commands, so their permissions are
+// manually authored in `permissions/commands/` instead of being autogenerated from this list.
+const COMMANDS: &[&str] = &[
+    "mkdir",
+    "create",
+    "copy_file",
+    "remove",
+    "rename",
+    "truncate",
+    "ftruncate",
+    "write",
+    "write_text_file",
+    "read_dir",
+    "read_file",
+    "read",
+    "open",
+    "read_text_file",
+    "read_text_file_lines_next",
+    "seek",
+    "stat",
+    "lstat",
+    "fstat",
+    "exists",
+    "watch",
    // TODO: Remove this in v3
-    ("unwatch", &[]),
-    ("size", &[]),
-    ("start_accessing_security_scoped_resource", &[]),
-    ("stop_accessing_security_scoped_resource", &[]),
+    "unwatch",
+    "size",
+    "start_accessing_security_scoped_resource",
+    "stop_accessing_security_scoped_resource",
 ];

 fn main() {
@@ -211,62 +209,12 @@ permissions = [
        }
    }

-    tauri_plugin::Builder::new(
-        &COMMANDS
-            .iter()
-            // FIXME: https://docs.rs/crate/tauri-plugin-fs/2.1.0/builds/1571296
-            .filter(|c| c.1.is_empty())
-            .map(|c| c.0)
-            .collect::<Vec<_>>(),
-    )
-    .global_api_script_path("./api-iife.js")
-    .global_scope_schema(
-        schemars::SchemaGenerator::new(schemars::generate::SchemaSettings::draft07())
-            .into_root_schema_for::<FsScopeEntry>(),
-    )
-    .android_path("android")
-    .build();
-
-    // workaround to include nested permissions as `tauri_plugin` doesn't support it
-    let permissions_dir = autogenerated.join("commands");
-    for (command, nested_commands) in COMMANDS {
-        if nested_commands.is_empty() {
-            continue;
-        }
-
-        let permission_path = permissions_dir.join(format!("{command}.toml"));
-
-        let content = std::fs::read_to_string(&permission_path)
-            .unwrap_or_else(|_| panic!("failed to read {command}.toml"));
-
-        let mut permission_file = toml::from_str::<PermissionFile>(&content)
-            .unwrap_or_else(|_| panic!("failed to deserialize {command}.toml"));
-
-        for p in permission_file
-            .permission
-            .iter_mut()
-            .filter(|p| p.identifier.starts_with("allow"))
-        {
-            for c in nested_commands.iter().map(|s| s.to_string()) {
-                if !p.commands.allow.contains(&c) {
-                    p.commands.allow.push(c);
-                }
-            }
-        }
-
-        let out = toml::to_string_pretty(&permission_file)
-            .unwrap_or_else(|_| panic!("failed to serialize {command}.toml"));
-        let out = format!(
-            r#"# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-{out}"#
-        );
-
-        if content != out {
-            std::fs::write(permission_path, out)
-                .unwrap_or_else(|_| panic!("failed to write {command}.toml"));
-        }
-    }
+    tauri_plugin::Builder::new(COMMANDS)
+        .global_api_script_path("./api-iife.js")
+        .global_scope_schema(
+            schemars::SchemaGenerator::new(schemars::generate::SchemaSettings::draft07())
+                .into_root_schema_for::<FsScopeEntry>(),
+        )
+        .android_path("android")
+        .build();
 }
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["mkdir","create","copy_file","remove","rename","truncate","ftruncate","write","write_text_file","read_dir","read_file","read","open","read_text_file","read_text_file_lines_next","seek","stat","lstat","fstat","exists","watch","unwatch","size","start_accessing_security_scoped_resource","stop_accessing_security_scoped_resource"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-copy-file"
-description = "Enables the copy_file command without any pre-configured scope."
-commands.allow = ["copy_file"]
-
-[[permission]]
-identifier = "deny-copy-file"
-description = "Denies the copy_file command without any pre-configured scope."
-commands.deny = ["copy_file"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-create"
-description = "Enables the create command without any pre-configured scope."
-commands.allow = ["create"]
-
-[[permission]]
-identifier = "deny-create"
-description = "Denies the create command without any pre-configured scope."
-commands.deny = ["create"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-exists"
-description = "Enables the exists command without any pre-configured scope."
-commands.allow = ["exists"]
-
-[[permission]]
-identifier = "deny-exists"
-description = "Denies the exists command without any pre-configured scope."
-commands.deny = ["exists"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-fstat"
-description = "Enables the fstat command without any pre-configured scope."
-commands.allow = ["fstat"]
-
-[[permission]]
-identifier = "deny-fstat"
-description = "Denies the fstat command without any pre-configured scope."
-commands.deny = ["fstat"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-ftruncate"
-description = "Enables the ftruncate command without any pre-configured scope."
-commands.allow = ["ftruncate"]
-
-[[permission]]
-identifier = "deny-ftruncate"
-description = "Denies the ftruncate command without any pre-configured scope."
-commands.deny = ["ftruncate"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-lstat"
-description = "Enables the lstat command without any pre-configured scope."
-commands.allow = ["lstat"]
-
-[[permission]]
-identifier = "deny-lstat"
-description = "Denies the lstat command without any pre-configured scope."
-commands.deny = ["lstat"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-mkdir"
-description = "Enables the mkdir command without any pre-configured scope."
-commands.allow = ["mkdir"]
-
-[[permission]]
-identifier = "deny-mkdir"
-description = "Denies the mkdir command without any pre-configured scope."
-commands.deny = ["mkdir"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-open"
-description = "Enables the open command without any pre-configured scope."
-commands.allow = ["open"]
-
-[[permission]]
-identifier = "deny-open"
-description = "Denies the open command without any pre-configured scope."
-commands.deny = ["open"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read"
-description = "Enables the read command without any pre-configured scope."
-commands.allow = ["read"]
-
-[[permission]]
-identifier = "deny-read"
-description = "Denies the read command without any pre-configured scope."
-commands.deny = ["read"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read-dir"
-description = "Enables the read_dir command without any pre-configured scope."
-commands.allow = ["read_dir"]
-
-[[permission]]
-identifier = "deny-read-dir"
-description = "Denies the read_dir command without any pre-configured scope."
-commands.deny = ["read_dir"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read-file"
-description = "Enables the read_file command without any pre-configured scope."
-commands.allow = ["read_file"]
-
-[[permission]]
-identifier = "deny-read-file"
-description = "Denies the read_file command without any pre-configured scope."
-commands.deny = ["read_file"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read-text-file"
-description = "Enables the read_text_file command without any pre-configured scope."
-commands.allow = ["read_text_file"]
-
-[[permission]]
-identifier = "deny-read-text-file"
-description = "Denies the read_text_file command without any pre-configured scope."
-commands.deny = ["read_text_file"]
@@ -1,22 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read-text-file-lines"
-description = "Enables the read_text_file_lines command without any pre-configured scope."
-
-[permission.commands]
-allow = [
-    "read_text_file_lines",
-    "read_text_file_lines_next",
-]
-deny = []
-
-[[permission]]
-identifier = "deny-read-text-file-lines"
-description = "Denies the read_text_file_lines command without any pre-configured scope."
-
-[permission.commands]
-allow = []
-deny = ["read_text_file_lines"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-read-text-file-lines-next"
-description = "Enables the read_text_file_lines_next command without any pre-configured scope."
-commands.allow = ["read_text_file_lines_next"]
-
-[[permission]]
-identifier = "deny-read-text-file-lines-next"
-description = "Denies the read_text_file_lines_next command without any pre-configured scope."
-commands.deny = ["read_text_file_lines_next"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-remove"
-description = "Enables the remove command without any pre-configured scope."
-commands.allow = ["remove"]
-
-[[permission]]
-identifier = "deny-remove"
-description = "Denies the remove command without any pre-configured scope."
-commands.deny = ["remove"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-rename"
-description = "Enables the rename command without any pre-configured scope."
-commands.allow = ["rename"]
-
-[[permission]]
-identifier = "deny-rename"
-description = "Denies the rename command without any pre-configured scope."
-commands.deny = ["rename"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-seek"
-description = "Enables the seek command without any pre-configured scope."
-commands.allow = ["seek"]
-
-[[permission]]
-identifier = "deny-seek"
-description = "Denies the seek command without any pre-configured scope."
-commands.deny = ["seek"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-size"
-description = "Enables the size command without any pre-configured scope."
-commands.allow = ["size"]
-
-[[permission]]
-identifier = "deny-size"
-description = "Denies the size command without any pre-configured scope."
-commands.deny = ["size"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-start-accessing-security-scoped-resource"
-description = "Enables the start_accessing_security_scoped_resource command without any pre-configured scope."
-commands.allow = ["start_accessing_security_scoped_resource"]
-
-[[permission]]
-identifier = "deny-start-accessing-security-scoped-resource"
-description = "Denies the start_accessing_security_scoped_resource command without any pre-configured scope."
-commands.deny = ["start_accessing_security_scoped_resource"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-stat"
-description = "Enables the stat command without any pre-configured scope."
-commands.allow = ["stat"]
-
-[[permission]]
-identifier = "deny-stat"
-description = "Denies the stat command without any pre-configured scope."
-commands.deny = ["stat"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-stop-accessing-security-scoped-resource"
-description = "Enables the stop_accessing_security_scoped_resource command without any pre-configured scope."
-commands.allow = ["stop_accessing_security_scoped_resource"]
-
-[[permission]]
-identifier = "deny-stop-accessing-security-scoped-resource"
-description = "Denies the stop_accessing_security_scoped_resource command without any pre-configured scope."
-commands.deny = ["stop_accessing_security_scoped_resource"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-truncate"
-description = "Enables the truncate command without any pre-configured scope."
-commands.allow = ["truncate"]
-
-[[permission]]
-identifier = "deny-truncate"
-description = "Denies the truncate command without any pre-configured scope."
-commands.deny = ["truncate"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-unwatch"
-description = "Enables the unwatch command without any pre-configured scope."
-commands.allow = ["unwatch"]
-
-[[permission]]
-identifier = "deny-unwatch"
-description = "Denies the unwatch command without any pre-configured scope."
-commands.deny = ["unwatch"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-watch"
-description = "Enables the watch command without any pre-configured scope."
-commands.allow = ["watch"]
-
-[[permission]]
-identifier = "deny-watch"
-description = "Denies the watch command without any pre-configured scope."
-commands.deny = ["watch"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-write"
-description = "Enables the write command without any pre-configured scope."
-commands.allow = ["write"]
-
-[[permission]]
-identifier = "deny-write"
-description = "Denies the write command without any pre-configured scope."
-commands.deny = ["write"]
@@ -1,23 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-write-file"
-description = "Enables the write_file command without any pre-configured scope."
-
-[permission.commands]
-allow = [
-    "write_file",
-    "open",
-    "write",
-]
-deny = []
-
-[[permission]]
-identifier = "deny-write-file"
-description = "Denies the write_file command without any pre-configured scope."
-
-[permission.commands]
-allow = []
-deny = ["write_file"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-write-text-file"
-description = "Enables the write_text_file command without any pre-configured scope."
-commands.allow = ["write_text_file"]
-
-[[permission]]
-identifier = "deny-write-text-file"
-description = "Denies the write_text_file command without any pre-configured scope."
-commands.deny = ["write_text_file"]
@@ -3279,32 +3279,6 @@ Denies the read_text_file command without any pre-configured scope.
 <tr>
 <td>

-`fs:allow-read-text-file-lines`
-
-</td>
-<td>
-
-Enables the read_text_file_lines command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`fs:deny-read-text-file-lines`
-
-</td>
-<td>
-
-Denies the read_text_file_lines command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
 `fs:allow-read-text-file-lines-next`

 </td>
@@ -3617,32 +3591,6 @@ Denies the write command without any pre-configured scope.
 <tr>
 <td>

-`fs:allow-write-file`
-
-</td>
-<td>
-
-Enables the write_file command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`fs:deny-write-file`
-
-</td>
-<td>
-
-Denies the write_file command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
 `fs:allow-write-text-file`

 </td>
@@ -3669,6 +3617,58 @@ Denies the write_text_file command without any pre-configured scope.
 <tr>
 <td>

+`fs:allow-read-text-file-lines`
+
+</td>
+<td>
+
+Enables the read_text_file_lines command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`fs:deny-read-text-file-lines`
+
+</td>
+<td>
+
+Denies the read_text_file_lines command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`fs:allow-write-file`
+
+</td>
+<td>
+
+Enables the write_file command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`fs:deny-write-file`
+
+</td>
+<td>
+
+Denies the write_file command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
 `fs:create-app-specific-dirs`

 </td>
@@ -0,0 +1,17 @@
+"$schema" = "../schemas/schema.json"
+
+# This command allows nested commands, so its permissions are manually
+# authored here instead of being autogenerated from the `COMMANDS` list in `build.rs`.
+
+[[permission]]
+identifier = "allow-read-text-file-lines"
+description = "Enables the read_text_file_lines command without any pre-configured scope."
+commands.allow = [
+  "read_text_file_lines",
+  "read_text_file_lines_next",
+]
+
+[[permission]]
+identifier = "deny-read-text-file-lines"
+description = "Denies the read_text_file_lines command without any pre-configured scope."
+commands.deny = ["read_text_file_lines"]
@@ -0,0 +1,18 @@
+"$schema" = "../schemas/schema.json"
+
+# This command allows nested commands, so its permissions are manually
+# authored here instead of being autogenerated from the `COMMANDS` list in `build.rs`.
+
+[[permission]]
+identifier = "allow-write-file"
+description = "Enables the write_file command without any pre-configured scope."
+commands.allow = [
+  "write_file",
+  "open",
+  "write",
+]
+
+[[permission]]
+identifier = "deny-write-file"
+description = "Denies the write_file command without any pre-configured scope."
+commands.deny = ["write_file"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-check-permissions"
-description = "Enables the check_permissions command without any pre-configured scope."
-commands.allow = ["check_permissions"]
-
-[[permission]]
-identifier = "deny-check-permissions"
-description = "Denies the check_permissions command without any pre-configured scope."
-commands.deny = ["check_permissions"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-clear-permissions"
-description = "Enables the clear_permissions command without any pre-configured scope."
-commands.allow = ["clear_permissions"]
-
-[[permission]]
-identifier = "deny-clear-permissions"
-description = "Denies the clear_permissions command without any pre-configured scope."
-commands.deny = ["clear_permissions"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-clear-watch"
-description = "Enables the clear_watch command without any pre-configured scope."
-commands.allow = ["clear_watch"]
-
-[[permission]]
-identifier = "deny-clear-watch"
-description = "Denies the clear_watch command without any pre-configured scope."
-commands.deny = ["clear_watch"]
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["get_current_position","watch_position","clear_watch","check_permissions","request_permissions"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-get-current-position"
-description = "Enables the get_current_position command without any pre-configured scope."
-commands.allow = ["get_current_position"]
-
-[[permission]]
-identifier = "deny-get-current-position"
-description = "Denies the get_current_position command without any pre-configured scope."
-commands.deny = ["get_current_position"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-request-permissions"
-description = "Enables the request_permissions command without any pre-configured scope."
-commands.allow = ["request_permissions"]
-
-[[permission]]
-identifier = "deny-request-permissions"
-description = "Denies the request_permissions command without any pre-configured scope."
-commands.deny = ["request_permissions"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-watch-position"
-description = "Enables the watch_position command without any pre-configured scope."
-commands.allow = ["watch_position"]
-
-[[permission]]
-identifier = "deny-watch-position"
-description = "Denies the watch_position command without any pre-configured scope."
-commands.deny = ["watch_position"]
@@ -36,32 +36,6 @@ Denies the check_permissions command without any pre-configured scope.
 <tr>
 <td>

-`geolocation:allow-clear-permissions`
-
-</td>
-<td>
-
-Enables the clear_permissions command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`geolocation:deny-clear-permissions`
-
-</td>
-<td>
-
-Denies the clear_permissions command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
 `geolocation:allow-clear-watch`

 </td>
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["register","unregister","unregister_all","is_registered"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-is-registered"
-description = "Enables the is_registered command without any pre-configured scope."
-commands.allow = ["is_registered"]
-
-[[permission]]
-identifier = "deny-is-registered"
-description = "Denies the is_registered command without any pre-configured scope."
-commands.deny = ["is_registered"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-register"
-description = "Enables the register command without any pre-configured scope."
-commands.allow = ["register"]
-
-[[permission]]
-identifier = "deny-register"
-description = "Denies the register command without any pre-configured scope."
-commands.deny = ["register"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-register-all"
-description = "Enables the register_all command without any pre-configured scope."
-commands.allow = ["register_all"]
-
-[[permission]]
-identifier = "deny-register-all"
-description = "Denies the register_all command without any pre-configured scope."
-commands.deny = ["register_all"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-unregister"
-description = "Enables the unregister command without any pre-configured scope."
-commands.allow = ["unregister"]
-
-[[permission]]
-identifier = "deny-unregister"
-description = "Denies the unregister command without any pre-configured scope."
-commands.deny = ["unregister"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-unregister-all"
-description = "Enables the unregister_all command without any pre-configured scope."
-commands.allow = ["unregister_all"]
-
-[[permission]]
-identifier = "deny-unregister-all"
-description = "Denies the unregister_all command without any pre-configured scope."
-commands.deny = ["unregister_all"]
@@ -69,32 +69,6 @@ Denies the register command without any pre-configured scope.
 <tr>
 <td>

-`global-shortcut:allow-register-all`
-
-</td>
-<td>
-
-Enables the register_all command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`global-shortcut:deny-register-all`
-
-</td>
-<td>
-
-Denies the register_all command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
 `global-shortcut:allow-unregister`

 </td>
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["vibrate","impact_feedback","notification_feedback","selection_feedback"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-impact-feedback"
-description = "Enables the impact_feedback command without any pre-configured scope."
-commands.allow = ["impact_feedback"]
-
-[[permission]]
-identifier = "deny-impact-feedback"
-description = "Denies the impact_feedback command without any pre-configured scope."
-commands.deny = ["impact_feedback"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-notification-feedback"
-description = "Enables the notification_feedback command without any pre-configured scope."
-commands.allow = ["notification_feedback"]
-
-[[permission]]
-identifier = "deny-notification-feedback"
-description = "Denies the notification_feedback command without any pre-configured scope."
-commands.deny = ["notification_feedback"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-selection-feedback"
-description = "Enables the selection_feedback command without any pre-configured scope."
-commands.allow = ["selection_feedback"]
-
-[[permission]]
-identifier = "deny-selection-feedback"
-description = "Denies the selection_feedback command without any pre-configured scope."
-commands.deny = ["selection_feedback"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-vibrate"
-description = "Enables the vibrate command without any pre-configured scope."
-commands.allow = ["vibrate"]
-
-[[permission]]
-identifier = "deny-vibrate"
-description = "Denies the vibrate command without any pre-configured scope."
-commands.deny = ["vibrate"]
@@ -29,6 +29,13 @@
        "$ref": "#/definitions/Permission"
      },
      "default": []
+    },
+    "commands": {
+      "description": "A list of command names that get `allow-$command` and `deny-$command` permissions\nautogenerated on demand instead of being stored as explicit permissions.\n\nSee [`Manifest::command_permission`] and the ACL resolver for how these are expanded.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
    }
  },
  "definitions": {
@@ -0,0 +1,5 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+commands = ["fetch","fetch_cancel","fetch_send","fetch_read_body","fetch_cancel_body"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-fetch"
-description = "Enables the fetch command without any pre-configured scope."
-commands.allow = ["fetch"]
-
-[[permission]]
-identifier = "deny-fetch"
-description = "Denies the fetch command without any pre-configured scope."
-commands.deny = ["fetch"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-fetch-cancel"
-description = "Enables the fetch_cancel command without any pre-configured scope."
-commands.allow = ["fetch_cancel"]
-
-[[permission]]
-identifier = "deny-fetch-cancel"
-description = "Denies the fetch_cancel command without any pre-configured scope."
-commands.deny = ["fetch_cancel"]
@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-fetch-cancel-body"
-description = "Enables the fetch_cancel_body command without any pre-configured scope."
-commands.allow = ["fetch_cancel_body"]
-
-[[permission]]
-identifier = "deny-fetch-cancel-body"
-description = "Denies the fetch_cancel_body command without any pre-configured scope."
-commands.deny = ["fetch_cancel_body"]
--- a/Show More
+++ b/Show More