feat: update to tauri beta, add permissions (#862)

Co-authored-by: Lucas Nogueira <lucas@tauri.app> Co-authored-by: Lucas Nogueira <lucas@crabnebula.dev>
2026-06-06 13:53:54 +02:00 · 2024-02-04 03:14:41 +09:00
parent 506ce4835b
commit d198c01486
387 changed files with 21883 additions and 943 deletions
@@ -6,10 +6,14 @@ authors = { workspace = true }
 license = { workspace = true }
 edition = { workspace = true }
 rust-version = { workspace = true }
+links = "tauri-plugin-authenticator"

 [package.metadata.docs.rs]
-rustc-args = [ "--cfg", "docsrs" ]
-rustdoc-args = [ "--cfg", "docsrs" ]
+rustc-args = ["--cfg", "docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[build-dependencies]
+tauri-plugin = { workspace = true, features = ["build"] }

 [dependencies]
 serde = { workspace = true }
@@ -0,0 +1,15 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+const COMMANDS: &[&str] = &[
+    "init_auth",
+    "register",
+    "verify_registration",
+    "sign",
+    "verify_signature",
+];
+
+fn main() {
+    tauri_plugin::Builder::new(COMMANDS).build();
+}
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-init-auth"
+description = "Enables the init_auth command without any pre-configured scope."
+commands.allow = ["init_auth"]
+
+[[permission]]
+identifier = "deny-init-auth"
+description = "Denies the init_auth command without any pre-configured scope."
+commands.deny = ["init_auth"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-register"
+description = "Enables the register command without any pre-configured scope."
+commands.allow = ["register"]
+
+[[permission]]
+identifier = "deny-register"
+description = "Denies the register command without any pre-configured scope."
+commands.deny = ["register"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-sign"
+description = "Enables the sign command without any pre-configured scope."
+commands.allow = ["sign"]
+
+[[permission]]
+identifier = "deny-sign"
+description = "Denies the sign command without any pre-configured scope."
+commands.deny = ["sign"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-verify-registration"
+description = "Enables the verify_registration command without any pre-configured scope."
+commands.allow = ["verify_registration"]
+
+[[permission]]
+identifier = "deny-verify-registration"
+description = "Denies the verify_registration command without any pre-configured scope."
+commands.deny = ["verify_registration"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-verify-signature"
+description = "Enables the verify_signature command without any pre-configured scope."
+commands.allow = ["verify_signature"]
+
+[[permission]]
+identifier = "deny-verify-signature"
+description = "Denies the verify_signature command without any pre-configured scope."
+commands.deny = ["verify_signature"]
@@ -0,0 +1,42 @@
+# Permissions
+
+## allow-init-auth
+
+Enables the init_auth command without any pre-configured scope.
+
+## deny-init-auth
+
+Denies the init_auth command without any pre-configured scope.
+
+## allow-register
+
+Enables the register command without any pre-configured scope.
+
+## deny-register
+
+Denies the register command without any pre-configured scope.
+
+## allow-sign
+
+Enables the sign command without any pre-configured scope.
+
+## deny-sign
+
+Denies the sign command without any pre-configured scope.
+
+## allow-verify-registration
+
+Enables the verify_registration command without any pre-configured scope.
+
+## deny-verify-registration
+
+Denies the verify_registration command without any pre-configured scope.
+
+## allow-verify-signature
+
+Enables the verify_signature command without any pre-configured scope.
+
+## deny-verify-signature
+
+Denies the verify_signature command without any pre-configured scope.
+
@@ -6,11 +6,15 @@ authors = { workspace = true }
 license = { workspace = true }
 edition = { workspace = true }
 rust-version = { workspace = true }
+links = "tauri-plugin-autostart"

 [package.metadata.docs.rs]
 rustc-args = [ "--cfg", "docsrs" ]
 rustdoc-args = [ "--cfg", "docsrs" ]

+[build-dependencies]
+tauri-plugin = { workspace = true, features = [ "build" ] }
+
 [dependencies]
 serde = { workspace = true }
 serde_json = { workspace = true }
@@ -0,0 +1,9 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+const COMMANDS: &[&str] = &["enable", "disable", "is_enabled"];
+
+fn main() {
+    tauri_plugin::Builder::new(COMMANDS).build();
+}
@@ -23,6 +23,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-disable"
+description = "Enables the disable command without any pre-configured scope."
+commands.allow = ["disable"]
+
+[[permission]]
+identifier = "deny-disable"
+description = "Denies the disable command without any pre-configured scope."
+commands.deny = ["disable"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-enable"
+description = "Enables the enable command without any pre-configured scope."
+commands.allow = ["enable"]
+
+[[permission]]
+identifier = "deny-enable"
+description = "Denies the enable command without any pre-configured scope."
+commands.deny = ["enable"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-is-enabled"
+description = "Enables the is_enabled command without any pre-configured scope."
+commands.allow = ["is_enabled"]
+
+[[permission]]
+identifier = "deny-is-enabled"
+description = "Denies the is_enabled command without any pre-configured scope."
+commands.deny = ["is_enabled"]
@@ -0,0 +1,26 @@
+# Permissions
+
+## allow-disable
+
+Enables the disable command without any pre-configured scope.
+
+## deny-disable
+
+Denies the disable command without any pre-configured scope.
+
+## allow-enable
+
+Enables the enable command without any pre-configured scope.
+
+## deny-enable
+
+Denies the enable command without any pre-configured scope.
+
+## allow-is-enabled
+
+Enables the is_enabled command without any pre-configured scope.
+
+## deny-is-enabled
+
+Denies the is_enabled command without any pre-configured scope.
+
@@ -9,12 +9,12 @@ rust-version = { workspace = true }
 links = "tauri-plugin-barcode-scanner"

 [package.metadata.docs.rs]
-rustc-args = [ "--cfg", "docsrs" ]
-rustdoc-args = [ "--cfg", "docsrs" ]
-targets = [ "x86_64-linux-android" ]
+rustc-args = ["--cfg", "docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+targets = ["x86_64-linux-android"]

 [build-dependencies]
-tauri-build = { workspace = true }
+tauri-plugin = { workspace = true, features = ["build"] }

 [dependencies]
 serde = { workspace = true }
@@ -2,11 +2,20 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

+const COMMANDS: &[&str] = &[
+    "scan",
+    "cancel",
+    "request_permissions",
+    "check_permissions",
+    "open_app_settings",
+    "vibrate",
+];
+
 fn main() {
-    if let Err(error) = tauri_build::mobile::PluginBuilder::new()
+    if let Err(error) = tauri_plugin::Builder::new(COMMANDS)
        .android_path("android")
        .ios_path("ios")
-        .run()
+        .try_build()
    {
        println!("{error:#}");
        // when building documentation for Android the plugin build result is irrelevant to the crate itself
@@ -39,14 +39,14 @@ export interface Scanned {
 * @param options
 */
 export async function scan(options?: ScanOptions): Promise<Scanned> {
-  return await invoke("plugin:barcodeScanner|scan", { ...options });
+  return await invoke("plugin:barcode-scanner|scan", { ...options });
 }

 /**
 * Cancel the current scan process.
 */
 export async function cancel(): Promise<void> {
-  return await invoke("plugin:barcodeScanner|cancel");
+  return await invoke("plugin:barcode-scanner|cancel");
 }

 /**
@@ -54,7 +54,7 @@ export async function cancel(): Promise<void> {
 */
 export async function checkPermissions(): Promise<PermissionState> {
  return await invoke<{ camera: PermissionState }>(
-    "plugin:barcodeScanner|checkPermissions",
+    "plugin:barcode-scanner|check_permissions",
  ).then((r) => r.camera);
 }

@@ -63,7 +63,7 @@ export async function checkPermissions(): Promise<PermissionState> {
 */
 export async function requestPermissions(): Promise<PermissionState> {
  return await invoke<{ camera: PermissionState }>(
-    "plugin:barcodeScanner|requestPermissions",
+    "plugin:barcode-scanner|request_permissions",
  ).then((r) => r.camera);
 }

@@ -71,5 +71,5 @@ export async function requestPermissions(): Promise<PermissionState> {
 * Open application settings. Useful if permission was denied and the user must manually enable it.
 */
 export async function openAppSettings(): Promise<void> {
-  return await invoke("plugin:barcodeScanner|openAppSettings");
+  return await invoke("plugin:barcode-scanner|open_app_settings");
 }
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-cancel"
+description = "Enables the cancel command without any pre-configured scope."
+commands.allow = ["cancel"]
+
+[[permission]]
+identifier = "deny-cancel"
+description = "Denies the cancel command without any pre-configured scope."
+commands.deny = ["cancel"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-check-permissions"
+description = "Enables the check_permissions command without any pre-configured scope."
+commands.allow = ["check_permissions"]
+
+[[permission]]
+identifier = "deny-check-permissions"
+description = "Denies the check_permissions command without any pre-configured scope."
+commands.deny = ["check_permissions"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-open-app-settings"
+description = "Enables the open_app_settings command without any pre-configured scope."
+commands.allow = ["open_app_settings"]
+
+[[permission]]
+identifier = "deny-open-app-settings"
+description = "Denies the open_app_settings command without any pre-configured scope."
+commands.deny = ["open_app_settings"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-request-permissions"
+description = "Enables the request_permissions command without any pre-configured scope."
+commands.allow = ["request_permissions"]
+
+[[permission]]
+identifier = "deny-request-permissions"
+description = "Denies the request_permissions command without any pre-configured scope."
+commands.deny = ["request_permissions"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-scan"
+description = "Enables the scan command without any pre-configured scope."
+commands.allow = ["scan"]
+
+[[permission]]
+identifier = "deny-scan"
+description = "Denies the scan command without any pre-configured scope."
+commands.deny = ["scan"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-vibrate"
+description = "Enables the vibrate command without any pre-configured scope."
+commands.allow = ["vibrate"]
+
+[[permission]]
+identifier = "deny-vibrate"
+description = "Denies the vibrate command without any pre-configured scope."
+commands.deny = ["vibrate"]
@@ -0,0 +1,50 @@
+# Permissions
+
+## allow-cancel
+
+Enables the cancel command without any pre-configured scope.
+
+## deny-cancel
+
+Denies the cancel command without any pre-configured scope.
+
+## allow-check-permissions
+
+Enables the check_permissions command without any pre-configured scope.
+
+## deny-check-permissions
+
+Denies the check_permissions command without any pre-configured scope.
+
+## allow-open-app-settings
+
+Enables the open_app_settings command without any pre-configured scope.
+
+## deny-open-app-settings
+
+Denies the open_app_settings command without any pre-configured scope.
+
+## allow-request-permissions
+
+Enables the request_permissions command without any pre-configured scope.
+
+## deny-request-permissions
+
+Denies the request_permissions command without any pre-configured scope.
+
+## allow-scan
+
+Enables the scan command without any pre-configured scope.
+
+## deny-scan
+
+Denies the scan command without any pre-configured scope.
+
+## allow-vibrate
+
+Enables the vibrate command without any pre-configured scope.
+
+## deny-vibrate
+
+Denies the vibrate command without any pre-configured scope.
+
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_BARCODESCANNER__=function(n){"use strict";async function e(n,e={},r){return window.__TAURI_INTERNALS__.invoke(n,e,r)}var r;return"function"==typeof SuppressedError&&SuppressedError,n.Format=void 0,(r=n.Format||(n.Format={})).QRCode="QR_CODE",r.UPC_A="UPC_A",r.UPC_E="UPC_E",r.EAN8="EAN_8",r.EAN13="EAN_13",r.Code39="CODE_39",r.Code93="CODE_93",r.Code128="CODE_128",r.Codabar="CODABAR",r.ITF="ITF",r.Aztec="AZTEC",r.DataMatrix="DATA_MATRIX",r.PDF417="PDF_417",n.cancel=async function(){return await e("plugin:barcodeScanner|cancel")},n.checkPermissions=async function(){return await e("plugin:barcodeScanner|checkPermissions").then((n=>n.camera))},n.openAppSettings=async function(){return await e("plugin:barcodeScanner|openAppSettings")},n.requestPermissions=async function(){return await e("plugin:barcodeScanner|requestPermissions").then((n=>n.camera))},n.scan=async function(n){return await e("plugin:barcodeScanner|scan",{...n})},n}({});Object.defineProperty(window.__TAURI__,"barcodeScanner",{value:__TAURI_PLUGIN_BARCODESCANNER__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_BARCODESCANNER__=function(n){"use strict";async function e(n,e={},r){return window.__TAURI_INTERNALS__.invoke(n,e,r)}var r;return"function"==typeof SuppressedError&&SuppressedError,n.Format=void 0,(r=n.Format||(n.Format={})).QRCode="QR_CODE",r.UPC_A="UPC_A",r.UPC_E="UPC_E",r.EAN8="EAN_8",r.EAN13="EAN_13",r.Code39="CODE_39",r.Code93="CODE_93",r.Code128="CODE_128",r.Codabar="CODABAR",r.ITF="ITF",r.Aztec="AZTEC",r.DataMatrix="DATA_MATRIX",r.PDF417="PDF_417",n.cancel=async function(){return await e("plugin:barcode-scanner|cancel")},n.checkPermissions=async function(){return await e("plugin:barcode-scanner|check_permissions").then((n=>n.camera))},n.openAppSettings=async function(){return await e("plugin:barcode-scanner|open_app_settings")},n.requestPermissions=async function(){return await e("plugin:barcode-scanner|request_permissions").then((n=>n.camera))},n.scan=async function(n){return await e("plugin:barcode-scanner|scan",{...n})},n}({});Object.defineProperty(window.__TAURI__,"barcodeScanner",{value:__TAURI_PLUGIN_BARCODESCANNER__})}
@@ -40,7 +40,7 @@ impl<R: Runtime, T: Manager<R>> crate::BarcodeScannerExt<R> for T {

 /// Initializes the plugin.
 pub fn init<R: Runtime>() -> TauriPlugin<R> {
-    Builder::new("barcodeScanner")
+    Builder::new("barcode-scanner")
        .setup(|app, api| {
            #[cfg(target_os = "android")]
            let handle = api.register_android_plugin(PLUGIN_IDENTIFIER, "BarcodeScannerPlugin")?;
@@ -12,7 +12,7 @@ rustc-args = ["--cfg", "docsrs"]
 rustdoc-args = ["--cfg", "docsrs"]

 [build-dependencies]
-tauri-build = { workspace = true }
+tauri-plugin = { workspace = true, features = ["build"] }

 [dependencies]
 serde = { workspace = true }
@@ -110,7 +110,7 @@ class BiometricPlugin(private val activity: Activity): Plugin(activity) {
     * Check the device's availability and type of biometric authentication.
     */
    @Command
-    fun getStatus(invoke: Invoke) {
+    fun status(invoke: Invoke) {
        val manager = BiometricManager.from(activity)
        val biometryResult = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
            manager.canAuthenticate(BiometricManager.Authenticators.BIOMETRIC_WEAK)
@@ -2,15 +2,11 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-use std::process::exit;
+const COMMANDS: &[&str] = &["authenticate", "status"];

 fn main() {
-    if let Err(error) = tauri_build::mobile::PluginBuilder::new()
+    tauri_plugin::Builder::new(COMMANDS)
        .android_path("android")
        .ios_path("ios")
-        .run()
-    {
-        println!("{error:#}");
-        exit(1);
-    }
+        .build();
 }
@@ -27,6 +27,6 @@
    "tslib": "2.6.0"
  },
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-authenticate"
+description = "Enables the authenticate command without any pre-configured scope."
+commands.allow = ["authenticate"]
+
+[[permission]]
+identifier = "deny-authenticate"
+description = "Denies the authenticate command without any pre-configured scope."
+commands.deny = ["authenticate"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-status"
+description = "Enables the status command without any pre-configured scope."
+commands.allow = ["status"]
+
+[[permission]]
+identifier = "deny-status"
+description = "Denies the status command without any pre-configured scope."
+commands.deny = ["status"]
@@ -0,0 +1,18 @@
+# Permissions
+
+## allow-authenticate
+
+Enables the authenticate command without any pre-configured scope.
+
+## deny-authenticate
+
+Denies the authenticate command without any pre-configured scope.
+
+## allow-status
+
+Enables the status command without any pre-configured scope.
+
+## deny-status
+
+Denies the status command without any pre-configured scope.
+
@@ -6,11 +6,15 @@ edition = { workspace = true }
 authors = { workspace = true }
 license = { workspace = true }
 rust-version = { workspace = true }
+links = "tauri-plugin-cli"

 [package.metadata.docs.rs]
 rustc-args = [ "--cfg", "docsrs" ]
 rustdoc-args = [ "--cfg", "docsrs" ]

+[build-dependencies]
+tauri-plugin = { workspace = true, features = [ "build" ] }
+
 [dependencies]
 serde = { workspace = true }
 serde_json = { workspace = true }
@@ -0,0 +1,9 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+const COMMANDS: &[&str] = &["cli_matches"];
+
+fn main() {
+    tauri_plugin::Builder::new(COMMANDS).build();
+}
@@ -23,6 +23,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-cli-matches"
+description = "Enables the cli_matches command without any pre-configured scope."
+commands.allow = ["cli_matches"]
+
+[[permission]]
+identifier = "deny-cli-matches"
+description = "Denies the cli_matches command without any pre-configured scope."
+commands.deny = ["cli_matches"]
@@ -0,0 +1,14 @@
+# Permissions
+
+## allow-cli-matches
+
+Enables the cli_matches command without any pre-configured scope.
+
+## deny-cli-matches
+
+Denies the cli_matches command without any pre-configured scope.
+
+## default
+
+Allows reading the CLI matches
+
@@ -0,0 +1,4 @@
+"$schema" = "schemas/schema.json"
+[default]
+description = "Allows reading the CLI matches"
+permissions = ["allow-cli-matches"]
@@ -9,12 +9,12 @@ rust-version = { workspace = true }
 links = "tauri-plugin-clipboard-manager"

 [package.metadata.docs.rs]
-rustc-args = [ "--cfg", "docsrs" ]
-rustdoc-args = [ "--cfg", "docsrs" ]
-targets = [ "x86_64-unknown-linux-gnu", "x86_64-linux-android" ]
+rustc-args = ["--cfg", "docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+targets = ["x86_64-unknown-linux-gnu", "x86_64-linux-android"]

 [build-dependencies]
-tauri-build = { workspace = true }
+tauri-plugin = { workspace = true, features = ["build"] }

 [dependencies]
 serde = { workspace = true }
@@ -2,11 +2,13 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

+const COMMANDS: &[&str] = &["write", "read"];
+
 fn main() {
-    if let Err(error) = tauri_build::mobile::PluginBuilder::new()
+    if let Err(error) = tauri_plugin::Builder::new(COMMANDS)
        .android_path("android")
        .ios_path("ios")
-        .run()
+        .try_build()
    {
        println!("{error:#}");
        // when building documentation for Android the plugin build result is irrelevant to the crate itself
@@ -29,7 +29,7 @@ async function writeText(
  text: string,
  opts?: { label?: string },
 ): Promise<void> {
-  return invoke("plugin:clipboard|write", {
+  return invoke("plugin:clipboard-manager|write", {
    data: {
      plainText: {
        label: opts?.label,
@@ -49,7 +49,7 @@ async function writeText(
 * @since 2.0.0
 */
 async function readText(): Promise<string> {
-  const kind: ClipResponse = await invoke("plugin:clipboard|read");
+  const kind: ClipResponse = await invoke("plugin:clipboard-manager|read");
  return kind.plainText.text;
 }

@@ -23,6 +23,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-read"
+description = "Enables the read command without any pre-configured scope."
+commands.allow = ["read"]
+
+[[permission]]
+identifier = "deny-read"
+description = "Denies the read command without any pre-configured scope."
+commands.deny = ["read"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-write"
+description = "Enables the write command without any pre-configured scope."
+commands.allow = ["write"]
+
+[[permission]]
+identifier = "deny-write"
+description = "Denies the write command without any pre-configured scope."
+commands.deny = ["write"]
@@ -0,0 +1,18 @@
+# Permissions
+
+## allow-read
+
+Enables the read command without any pre-configured scope.
+
+## deny-read
+
+Denies the read command without any pre-configured scope.
+
+## allow-write
+
+Enables the write command without any pre-configured scope.
+
+## deny-write
+
+Denies the write command without any pre-configured scope.
+
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_CLIPBOARDMANAGER__=function(e){"use strict";async function n(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}return"function"==typeof SuppressedError&&SuppressedError,e.readText=async function(){return(await n("plugin:clipboard|read")).plainText.text},e.writeText=async function(e,r){return n("plugin:clipboard|write",{data:{plainText:{label:r?.label,text:e}}})},e}({});Object.defineProperty(window.__TAURI__,"clipboardManager",{value:__TAURI_PLUGIN_CLIPBOARDMANAGER__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_CLIPBOARDMANAGER__=function(e){"use strict";async function n(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}return"function"==typeof SuppressedError&&SuppressedError,e.readText=async function(){return(await n("plugin:clipboard-manager|read")).plainText.text},e.writeText=async function(e,r){return n("plugin:clipboard-manager|write",{data:{plainText:{label:r?.label,text:e}}})},e}({});Object.defineProperty(window.__TAURI__,"clipboardManager",{value:__TAURI_PLUGIN_CLIPBOARDMANAGER__})}
@@ -47,7 +47,7 @@ impl<R: Runtime, T: Manager<R>> crate::ClipboardExt<R> for T {

 /// Initializes the plugin.
 pub fn init<R: Runtime>() -> TauriPlugin<R> {
-    Builder::new("clipboard")
+    Builder::new("clipboard-manager")
        .js_init_script(include_str!("api-iife.js").to_string())
        .invoke_handler(tauri::generate_handler![commands::write, commands::read])
        .setup(|app, api| {
@@ -9,14 +9,14 @@ rust-version = { workspace = true }
 links = "tauri-plugin-deep-link"

 [package.metadata.docs.rs]
-rustc-args = [ "--cfg", "docsrs" ]
-rustdoc-args = [ "--cfg", "docsrs" ]
-targets = [ "x86_64-linux-android" ]
+rustc-args = ["--cfg", "docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+targets = ["x86_64-linux-android"]

 [build-dependencies]
 serde = { workspace = true }
 serde_json = { workspace = true }
-tauri-build = { workspace = true }
+tauri-plugin = { workspace = true, features = ["build"] }

 [dependencies]
 serde = { workspace = true }
@@ -6,6 +6,8 @@
 mod config;
 use config::{AssociatedDomain, Config};

+const COMMANDS: &[&str] = &["get_current"];
+
 // TODO: Consider using activity-alias in case users may have multiple activities in their app.
 // TODO: Do we want to support the other path* configs too?
 fn intent_filter(domain: &AssociatedDomain) -> String {
@@ -30,9 +32,9 @@ fn intent_filter(domain: &AssociatedDomain) -> String {
 }

 fn main() {
-    if let Err(error) = tauri_build::mobile::PluginBuilder::new()
+    if let Err(error) = tauri_plugin::Builder::new(COMMANDS)
        .android_path("android")
-        .run()
+        .try_build()
    {
        println!("{error:#}");
        if !(cfg!(docsrs) && std::env::var("TARGET").unwrap().contains("android")) {
@@ -40,8 +42,8 @@ fn main() {
        }
    }

-    if let Some(config) = tauri_build::config::plugin_config::<Config>("deep-link") {
-        tauri_build::mobile::update_android_manifest(
+    if let Some(config) = tauri_plugin::plugin_config::<Config>("deep-link") {
+        tauri_plugin::mobile::update_android_manifest(
            "DEEP LINK PLUGIN",
            "activity",
            config
@@ -55,7 +57,7 @@ fn main() {

        #[cfg(target_os = "macos")]
        {
-            tauri_build::mobile::update_entitlements(|entitlements| {
+            tauri_plugin::mobile::update_entitlements(|entitlements| {
                entitlements.insert(
                    "com.apple.developer.associated-domains".into(),
                    config
@@ -10,13 +10,13 @@
    "tauri": "tauri"
  },
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13",
+    "@tauri-apps/api": "2.0.0-beta.0",
    "@tauri-apps/plugin-deep-link": "2.0.0-alpha.4"
  },
  "devDependencies": {
-    "@tauri-apps/cli": "2.0.0-alpha.20",
+    "@tauri-apps/cli": "2.0.0-beta.0",
    "internal-ip": "^8.0.0",
    "typescript": "^5.2.2",
-    "vite": "^5.0.6"
+    "vite": "^5.0.12"
  }
 }
@@ -2,4 +2,6 @@
 # will have compiled files and executables
 /target/

+/capabilities/schemas
+
 .cargo
@@ -23,7 +23,7 @@ tauri = { workspace = true }
 tauri-plugin-deep-link = { path = "../../../" }

 [features]
-# this feature is used for production builds or when `devPath` points to the filesystem and the built-in dev server is disabled.
+# this feature is used for production builds or when `devUrl` points to the filesystem and the built-in dev server is disabled.
 # If you use cargo directly instead of tauri's cli you can use this feature flag to switch between tauri's `dev` and `build` modes.
 # DO NOT REMOVE!!
 custom-protocol = [ "tauri/custom-protocol" ]
@@ -2,8 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-use tauri::Manager;
-
 // Learn more about Tauri commands at https://tauri.app/v1/guides/features/command
 #[tauri::command]
 fn greet(name: &str) -> String {
@@ -15,7 +13,7 @@ pub fn run() {
    tauri::Builder::default()
        .plugin(tauri_plugin_deep_link::init())
        .setup(|app| {
-            app.listen_global("deep-link://new-url", |url| {
+            app.listen("deep-link://new-url", |url| {
                dbg!(url);
            });
            Ok(())
@@ -29,8 +29,13 @@
    },
    "deep-link": {
      "domains": [
-        { "host": "fabianlars.de", "pathPrefix": ["/intent"] },
-        { "host": "tauri.app" }
+        {
+          "host": "fabianlars.de",
+          "pathPrefix": ["/intent"]
+        },
+        {
+          "host": "tauri.app"
+        }
      ]
    }
  },
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-get-current"
+description = "Enables the get_current command without any pre-configured scope."
+commands.allow = ["get_current"]
+
+[[permission]]
+identifier = "deny-get-current"
+description = "Denies the get_current command without any pre-configured scope."
+commands.deny = ["get_current"]
@@ -0,0 +1,14 @@
+# Permissions
+
+## allow-get-current
+
+Enables the get_current command without any pre-configured scope.
+
+## deny-get-current
+
+Denies the get_current command without any pre-configured scope.
+
+## default
+
+Allows reading the opened deep link via the get_current command
+
@@ -0,0 +1,4 @@
+"$schema" = "schemas/schema.json"
+[default]
+description = "Allows reading the opened deep link via the get_current command"
+permissions = ["allow-get-current"]
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_DEEPLINK__=function(e){"use strict";function n(e,n=!1){return window.__TAURI_INTERNALS__.transformCallback(e,n)}async function r(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}var t;async function _(e,t,_){return r("plugin:event|listen",{event:e,windowLabel:_?.target,handler:n(t)}).then((n=>async()=>async function(e,n){await r("plugin:event|unlisten",{event:e,eventId:n})}(e,n)))}async function i(){return await r("plugin:deep-link|get_current")}return"function"==typeof SuppressedError&&SuppressedError,function(e){e.WINDOW_RESIZED="tauri://resize",e.WINDOW_MOVED="tauri://move",e.WINDOW_CLOSE_REQUESTED="tauri://close-requested",e.WINDOW_CREATED="tauri://window-created",e.WINDOW_DESTROYED="tauri://destroyed",e.WINDOW_FOCUS="tauri://focus",e.WINDOW_BLUR="tauri://blur",e.WINDOW_SCALE_FACTOR_CHANGED="tauri://scale-change",e.WINDOW_THEME_CHANGED="tauri://theme-changed",e.WINDOW_FILE_DROP="tauri://file-drop",e.WINDOW_FILE_DROP_HOVER="tauri://file-drop-hover",e.WINDOW_FILE_DROP_CANCELLED="tauri://file-drop-cancelled"}(t||(t={})),e.getCurrent=i,e.onOpenUrl=async function(e){const n=await i();return null!=n&&e(n),await _("deep-link://new-url",(n=>e(n.payload)))},e}({});Object.defineProperty(window.__TAURI__,"deepLink",{value:__TAURI_PLUGIN_DEEPLINK__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_DEEPLINK__=function(e){"use strict";function n(e,n=!1){return window.__TAURI_INTERNALS__.transformCallback(e,n)}async function t(e,n={},t){return window.__TAURI_INTERNALS__.invoke(e,n,t)}var r;async function _(e,r,_){const i="string"==typeof _?.target?{kind:"AnyLabel",label:_.target}:_?.target??{kind:"Any"};return t("plugin:event|listen",{event:e,target:i,handler:n(r)}).then((n=>async()=>async function(e,n){await t("plugin:event|unlisten",{event:e,eventId:n})}(e,n)))}async function i(){return await t("plugin:deep-link|get_current")}return"function"==typeof SuppressedError&&SuppressedError,function(e){e.WINDOW_RESIZED="tauri://resize",e.WINDOW_MOVED="tauri://move",e.WINDOW_CLOSE_REQUESTED="tauri://close-requested",e.WINDOW_DESTROYED="tauri://destroyed",e.WINDOW_FOCUS="tauri://focus",e.WINDOW_BLUR="tauri://blur",e.WINDOW_SCALE_FACTOR_CHANGED="tauri://scale-change",e.WINDOW_THEME_CHANGED="tauri://theme-changed",e.WEBVIEW_CREATED="tauri://webview-created",e.WEBVIEW_FILE_DROP="tauri://file-drop",e.WEBVIEW_FILE_DROP_HOVER="tauri://file-drop-hover",e.WEBVIEW_FILE_DROP_CANCELLED="tauri://file-drop-cancelled"}(r||(r={})),e.getCurrent=i,e.onOpenUrl=async function(e){const n=await i();return null!=n&&e(n),await _("deep-link://new-url",(n=>e(n.payload)))},e}({});Object.defineProperty(window.__TAURI__,"deepLink",{value:__TAURI_PLUGIN_DEEPLINK__})}
@@ -43,6 +43,7 @@ fn init_deep_link<R: Runtime, C: DeserializeOwned>(
                    };

                    let _ = app_handle.emit("deep-link://new-url", vec![url]);
+
                    Ok(())
                }),
            },
@@ -9,9 +9,12 @@ rust-version = { workspace = true }
 links = "tauri-plugin-dialog"

 [package.metadata.docs.rs]
-rustc-args = [ "--cfg", "docsrs" ]
-rustdoc-args = [ "--cfg", "docsrs" ]
-targets = [ "x86_64-unknown-linux-gnu", "x86_64-linux-android" ]
+rustc-args = ["--cfg", "docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+targets = ["x86_64-unknown-linux-gnu", "x86_64-linux-android"]
+
+[build-dependencies]
+tauri-plugin = { workspace = true, features = ["build"] }

 [dependencies]
 serde = { workspace = true }
@@ -25,8 +28,5 @@ tauri-plugin-fs = { path = "../fs", version = "2.0.0-alpha.7" }
 glib = "0.16"

 [target."cfg(any(target_os = \"macos\", windows, target_os = \"linux\", target_os = \"dragonfly\", target_os = \"freebsd\", target_os = \"openbsd\", target_os = \"netbsd\"))".dependencies]
-rfd = { version = "=0.12.0", features = [ "gtk3", "common-controls-v6" ] }
+rfd = { version = "=0.12.0", features = ["gtk3", "common-controls-v6"] }
 raw-window-handle = "0.5"
-
-[build-dependencies]
-tauri-build = { workspace = true }
@@ -2,11 +2,13 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

+const COMMANDS: &[&str] = &["open", "save", "message", "ask", "confirm"];
+
 fn main() {
-    if let Err(error) = tauri_build::mobile::PluginBuilder::new()
+    if let Err(error) = tauri_plugin::Builder::new(COMMANDS)
        .android_path("android")
        .ios_path("ios")
-        .run()
+        .try_build()
    {
        println!("{error:#}");
        // when building documentation for Android the plugin build result is irrelevant to the crate itself
@@ -23,6 +23,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-ask"
+description = "Enables the ask command without any pre-configured scope."
+commands.allow = ["ask"]
+
+[[permission]]
+identifier = "deny-ask"
+description = "Denies the ask command without any pre-configured scope."
+commands.deny = ["ask"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-confirm"
+description = "Enables the confirm command without any pre-configured scope."
+commands.allow = ["confirm"]
+
+[[permission]]
+identifier = "deny-confirm"
+description = "Denies the confirm command without any pre-configured scope."
+commands.deny = ["confirm"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-message"
+description = "Enables the message command without any pre-configured scope."
+commands.allow = ["message"]
+
+[[permission]]
+identifier = "deny-message"
+description = "Denies the message command without any pre-configured scope."
+commands.deny = ["message"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-open"
+description = "Enables the open command without any pre-configured scope."
+commands.allow = ["open"]
+
+[[permission]]
+identifier = "deny-open"
+description = "Denies the open command without any pre-configured scope."
+commands.deny = ["open"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-save"
+description = "Enables the save command without any pre-configured scope."
+commands.allow = ["save"]
+
+[[permission]]
+identifier = "deny-save"
+description = "Denies the save command without any pre-configured scope."
+commands.deny = ["save"]
@@ -0,0 +1,42 @@
+# Permissions
+
+## allow-ask
+
+Enables the ask command without any pre-configured scope.
+
+## deny-ask
+
+Denies the ask command without any pre-configured scope.
+
+## allow-confirm
+
+Enables the confirm command without any pre-configured scope.
+
+## deny-confirm
+
+Denies the confirm command without any pre-configured scope.
+
+## allow-message
+
+Enables the message command without any pre-configured scope.
+
+## deny-message
+
+Denies the message command without any pre-configured scope.
+
+## allow-open
+
+Enables the open command without any pre-configured scope.
+
+## deny-open
+
+Denies the open command without any pre-configured scope.
+
+## allow-save
+
+Enables the save command without any pre-configured scope.
+
+## deny-save
+
+Denies the save command without any pre-configured scope.
+
@@ -118,7 +118,7 @@ pub(crate) async fn open<R: Runtime>(
                if let Some(folders) = &folders {
                    for folder in folders {
                        if let Some(s) = window.try_fs_scope() {
-                            s.allow_directory(folder, options.recursive)?;
+                            s.allow_directory(folder, options.recursive);
                        }
                    }
                }
@@ -127,7 +127,7 @@ pub(crate) async fn open<R: Runtime>(
                let folder = dialog_builder.blocking_pick_folder();
                if let Some(path) = &folder {
                    if let Some(s) = window.try_fs_scope() {
-                        s.allow_directory(path, options.recursive)?;
+                        s.allow_directory(path, options.recursive);
                    }
                }
                OpenResponse::Folder(folder)
@@ -140,7 +140,7 @@ pub(crate) async fn open<R: Runtime>(
        if let Some(files) = &files {
            for file in files {
                if let Some(s) = window.try_fs_scope() {
-                    s.allow_file(&file.path)?;
+                    s.allow_file(&file.path);
                }
                window
                    .state::<tauri::scope::Scopes>()
@@ -152,7 +152,7 @@ pub(crate) async fn open<R: Runtime>(
        let file = dialog_builder.blocking_pick_file();
        if let Some(file) = &file {
            if let Some(s) = window.try_fs_scope() {
-                s.allow_file(&file.path)?;
+                s.allow_file(&file.path);
            }
            window
                .state::<tauri::scope::Scopes>()
@@ -193,7 +193,7 @@ pub(crate) async fn save<R: Runtime>(
        let path = dialog_builder.blocking_save_file();
        if let Some(p) = &path {
            if let Some(s) = window.try_fs_scope() {
-                s.allow_file(p)?;
+                s.allow_file(p);
            }
            window.state::<tauri::scope::Scopes>().allow_file(p)?;
        }
@@ -1,5 +1,6 @@
 {
-  "identifier": "studio.tauri.example",
+  "$schema": "../../../node_modules/.pnpm/@tauri-apps+cli@2.0.0-alpha.17/node_modules/@tauri-apps/cli/schema.json",
+  "identifier": "app.tauri.example",
  "build": {
    "frontendDist": ".",
    "devUrl": "http://localhost:4000"
@@ -6,19 +6,26 @@ authors = { workspace = true }
 license = { workspace = true }
 edition = { workspace = true }
 rust-version = { workspace = true }
+links = "tauri-plugin-fs"

 [package.metadata.docs.rs]
-rustc-args = [ "--cfg", "docsrs" ]
-rustdoc-args = [ "--cfg", "docsrs" ]
+rustc-args = ["--cfg", "docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[build-dependencies]
+tauri-plugin = { workspace = true, features = ["build"] }
+schemars = { workspace = true }

 [dependencies]
 serde = { workspace = true }
+serde_json = { workspace = true }
+schemars = { workspace = true }
 serde_repr = "0.1"
 tauri = { workspace = true }
 thiserror = { workspace = true }
 url = { workspace = true }
 anyhow = "1"
-uuid = { version = "1", features = [ "v4" ] }
+uuid = { version = "1", features = ["v4"] }
 glob = "0.3"
 notify = { version = "6", optional = true, features = [ "serde" ] }
 notify-debouncer-full = { version = "0.3", optional = true }
@@ -0,0 +1,51 @@
+# Security Policy
+
+**Do not report security vulnerabilities through public GitHub issues.**
+
+**Please use the [Private Vulnerability Disclosure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) feature of GitHub.**
+
+Include as much of the following information:
+
+- Type of issue (e.g. improper input parsing, privilege escalation, etc.)
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- The distribution affected or used to help us with reproduction of the issue
+- Step-by-step instructions to reproduce the issue
+- Ideally a reproduction repository
+- Impact of the issue, including how an attacker might exploit the issue
+
+We prefer to receive reports in English.
+
+## Contact
+
+Please disclose a vulnerability or security relevant issue here: [https://github.com/tauri-apps/plugins-workspace/security/advisories/new](https://github.com/tauri-apps/plugins-workspace/security/advisories/new).
+
+Alternatively, you can also contact us by email via [security@tauri.app](mailto:security@tauri.app).
+
+## Threat Model
+
+This plugin possibly allows access to the full filesystem available to the application process.
+Depending on the operating system the access is already confined (android/ios) to only certain locations.
+In other operating systems like Linux/MacOS/Windows it depends on the installation and packaging method but in most cases full
+access is granted.
+
+To prevent exposure of sensitive locations and data this plugin can be scoped to only allow certain base directories
+or only access to specific files or subdirectories.
+This scoping effectively affects only calls made from the webviews/frontend code and calls made from rust can always circumvent
+the restrictions imposed by the scope.
+
+The scope is defined at compile time in the used permissions but the user or application developer can grant or revoke access to specific files or folders at runtime by modifying the scope state through the runtime authority, if configured during plugin initialization.
+
+
+### Security Assumptions
+
+- The filesystem access is limited by user permissions
+- The operating system filesystem access confinment works as documented
+- The scoping mechanism of the Tauri `fs` commands work as intended and has no bypasses
+- The user or application developer can grant or revoke access to specific files at runtime by modifying the scope
+
+
+#### Out Of Scope
+
+- Exploits in underlying filesystems
+- Exploits in the underlying rust `std::fs` library
@@ -0,0 +1,164 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+use std::{fs::create_dir_all, path::Path};
+
+#[path = "src/scope.rs"]
+#[allow(dead_code)]
+mod scope;
+
+const BASE_DIR_VARS: &[&str] = &[
+    "AUDIO",
+    "CACHE",
+    "CONFIG",
+    "DATA",
+    "LOCALDATA",
+    "DESKTOP",
+    "DOCUMENT",
+    "DOWNLOAD",
+    "EXE",
+    "FONT",
+    "HOME",
+    "PICTURE",
+    "PUBLIC",
+    "RUNTIME",
+    "TEMPLATE",
+    "VIDEO",
+    "RESOURCE",
+    "APP",
+    "LOG",
+    "TEMP",
+    "APPCONFIG",
+    "APPDATA",
+    "APPLOCALDATA",
+    "APPCACHE",
+    "APPLOG",
+];
+const COMMANDS: &[&str] = &[
+    "mkdir",
+    "create",
+    "copy_file",
+    "remove",
+    "rename",
+    "truncate",
+    "ftruncate",
+    "write",
+    "write_file",
+    "write_text_file",
+    "read_dir",
+    "read_file",
+    "read",
+    "open",
+    "read_text_file",
+    "read_text_file_lines",
+    "read_text_file_lines_next",
+    "seek",
+    "stat",
+    "lstat",
+    "fstat",
+    "exists",
+    "watch",
+    "unwatch",
+];
+
+fn main() {
+    let autogenerated = Path::new("permissions/autogenerated/");
+    let base_dirs = &autogenerated.join("base-directories");
+
+    if !base_dirs.exists() {
+        create_dir_all(base_dirs).expect("unable to create autogenerated base directories dir");
+    }
+
+    for base_dir in BASE_DIR_VARS {
+        let upper = base_dir;
+        let lower = base_dir.to_lowercase();
+        let toml = format!(
+            r###"# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+# Scopes Section
+# This section contains scopes, which define file level access
+
+[[permission]]
+identifier = "scope-{lower}-recursive"
+description = "This scope recursive access to the complete `${upper}` folder, including sub directories and files."
+
+[[permission.scope.allow]]
+path = "${upper}/**"
+
+[[permission]]
+identifier = "scope-{lower}"
+description = "This scope permits access to all files and list content of top level directories in the `${upper}`folder."
+
+[[permission.scope.allow]]
+path = "${upper}/*"
+
+[[permission]]
+identifier = "scope-{lower}-index"
+description = "This scope permits to list all files and folders in the `${upper}`folder."
+
+[[permission.scope.allow]]
+path = "${upper}/"
+
+# Sets Section
+# This section combines the scope elements with enablement of commands
+
+[[set]]
+identifier = "allow-{lower}-read-recursive"
+description = "This allows full recursive read access to the complete `${upper}` folder, files and subdirectories."
+permissions = [
+    "read-all",
+    "scope-{lower}-recursive"
+]
+
+[[set]]
+identifier = "allow-{lower}-write-recursive"
+description = "This allows full recusrive write access to the complete `${upper}` folder, files and subdirectories."
+permissions = [
+    "write-all",
+    "scope-{lower}-recursive"
+]
+
+[[set]]
+identifier = "allow-{lower}-read"
+description = "This allows non-recursive read access to the `${upper}` folder."
+permissions = [
+    "read-all",
+    "scope-{lower}"
+]
+
+[[set]]
+identifier = "allow-{lower}-write"
+description = "This allows non-recursive write access to the `${upper}` folder."
+permissions = [
+    "write-all",
+    "scope-{lower}"
+]
+
+[[set]]
+identifier = "allow-{lower}-meta-recursive"
+description = "This allows read access to metadata of the `${upper}` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-{lower}-recursive"
+]
+
+[[set]]
+identifier = "allow-{lower}-meta"
+description = "This allows read access to metadata of the `${upper}` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-{lower}-index"
+]"###
+        );
+
+        std::fs::write(base_dirs.join(format!("{lower}.toml")), toml)
+            .unwrap_or_else(|e| panic!("unable to autogenerate ${upper}: {e}"));
+    }
+
+    tauri_plugin::Builder::new(COMMANDS)
+        .global_scope_schema(schemars::schema_for!(scope::Entry))
+        .build();
+}
@@ -24,6 +24,6 @@
    "LICENSE"
  ],
  "dependencies": {
-    "@tauri-apps/api": "2.0.0-alpha.13"
+    "@tauri-apps/api": "2.0.0-beta.0"
  }
 }
@@ -0,0 +1 @@
+schemas/
@@ -0,0 +1,78 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+# Scopes Section
+# This section contains scopes, which define file level access
+
+[[permission]]
+identifier = "scope-app-recursive"
+description = "This scope recursive access to the complete `$APP` folder, including sub directories and files."
+
+[[permission.scope.allow]]
+path = "$APP/**"
+
+[[permission]]
+identifier = "scope-app"
+description = "This scope permits access to all files and list content of top level directories in the `$APP`folder."
+
+[[permission.scope.allow]]
+path = "$APP/*"
+
+[[permission]]
+identifier = "scope-app-index"
+description = "This scope permits to list all files and folders in the `$APP`folder."
+
+[[permission.scope.allow]]
+path = "$APP/"
+
+# Sets Section
+# This section combines the scope elements with enablement of commands
+
+[[set]]
+identifier = "allow-app-read-recursive"
+description = "This allows full recursive read access to the complete `$APP` folder, files and subdirectories."
+permissions = [
+    "read-all",
+    "scope-app-recursive"
+]
+
+[[set]]
+identifier = "allow-app-write-recursive"
+description = "This allows full recusrive write access to the complete `$APP` folder, files and subdirectories."
+permissions = [
+    "write-all",
+    "scope-app-recursive"
+]
+
+[[set]]
+identifier = "allow-app-read"
+description = "This allows non-recursive read access to the `$APP` folder."
+permissions = [
+    "read-all",
+    "scope-app"
+]
+
+[[set]]
+identifier = "allow-app-write"
+description = "This allows non-recursive write access to the `$APP` folder."
+permissions = [
+    "write-all",
+    "scope-app"
+]
+
+[[set]]
+identifier = "allow-app-meta-recursive"
+description = "This allows read access to metadata of the `$APP` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-app-recursive"
+]
+
+[[set]]
+identifier = "allow-app-meta"
+description = "This allows read access to metadata of the `$APP` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-app-index"
+]
@@ -0,0 +1,78 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+# Scopes Section
+# This section contains scopes, which define file level access
+
+[[permission]]
+identifier = "scope-appcache-recursive"
+description = "This scope recursive access to the complete `$APPCACHE` folder, including sub directories and files."
+
+[[permission.scope.allow]]
+path = "$APPCACHE/**"
+
+[[permission]]
+identifier = "scope-appcache"
+description = "This scope permits access to all files and list content of top level directories in the `$APPCACHE`folder."
+
+[[permission.scope.allow]]
+path = "$APPCACHE/*"
+
+[[permission]]
+identifier = "scope-appcache-index"
+description = "This scope permits to list all files and folders in the `$APPCACHE`folder."
+
+[[permission.scope.allow]]
+path = "$APPCACHE/"
+
+# Sets Section
+# This section combines the scope elements with enablement of commands
+
+[[set]]
+identifier = "allow-appcache-read-recursive"
+description = "This allows full recursive read access to the complete `$APPCACHE` folder, files and subdirectories."
+permissions = [
+    "read-all",
+    "scope-appcache-recursive"
+]
+
+[[set]]
+identifier = "allow-appcache-write-recursive"
+description = "This allows full recusrive write access to the complete `$APPCACHE` folder, files and subdirectories."
+permissions = [
+    "write-all",
+    "scope-appcache-recursive"
+]
+
+[[set]]
+identifier = "allow-appcache-read"
+description = "This allows non-recursive read access to the `$APPCACHE` folder."
+permissions = [
+    "read-all",
+    "scope-appcache"
+]
+
+[[set]]
+identifier = "allow-appcache-write"
+description = "This allows non-recursive write access to the `$APPCACHE` folder."
+permissions = [
+    "write-all",
+    "scope-appcache"
+]
+
+[[set]]
+identifier = "allow-appcache-meta-recursive"
+description = "This allows read access to metadata of the `$APPCACHE` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-appcache-recursive"
+]
+
+[[set]]
+identifier = "allow-appcache-meta"
+description = "This allows read access to metadata of the `$APPCACHE` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-appcache-index"
+]
@@ -0,0 +1,78 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+# Scopes Section
+# This section contains scopes, which define file level access
+
+[[permission]]
+identifier = "scope-appconfig-recursive"
+description = "This scope recursive access to the complete `$APPCONFIG` folder, including sub directories and files."
+
+[[permission.scope.allow]]
+path = "$APPCONFIG/**"
+
+[[permission]]
+identifier = "scope-appconfig"
+description = "This scope permits access to all files and list content of top level directories in the `$APPCONFIG`folder."
+
+[[permission.scope.allow]]
+path = "$APPCONFIG/*"
+
+[[permission]]
+identifier = "scope-appconfig-index"
+description = "This scope permits to list all files and folders in the `$APPCONFIG`folder."
+
+[[permission.scope.allow]]
+path = "$APPCONFIG/"
+
+# Sets Section
+# This section combines the scope elements with enablement of commands
+
+[[set]]
+identifier = "allow-appconfig-read-recursive"
+description = "This allows full recursive read access to the complete `$APPCONFIG` folder, files and subdirectories."
+permissions = [
+    "read-all",
+    "scope-appconfig-recursive"
+]
+
+[[set]]
+identifier = "allow-appconfig-write-recursive"
+description = "This allows full recusrive write access to the complete `$APPCONFIG` folder, files and subdirectories."
+permissions = [
+    "write-all",
+    "scope-appconfig-recursive"
+]
+
+[[set]]
+identifier = "allow-appconfig-read"
+description = "This allows non-recursive read access to the `$APPCONFIG` folder."
+permissions = [
+    "read-all",
+    "scope-appconfig"
+]
+
+[[set]]
+identifier = "allow-appconfig-write"
+description = "This allows non-recursive write access to the `$APPCONFIG` folder."
+permissions = [
+    "write-all",
+    "scope-appconfig"
+]
+
+[[set]]
+identifier = "allow-appconfig-meta-recursive"
+description = "This allows read access to metadata of the `$APPCONFIG` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-appconfig-recursive"
+]
+
+[[set]]
+identifier = "allow-appconfig-meta"
+description = "This allows read access to metadata of the `$APPCONFIG` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-appconfig-index"
+]
@@ -0,0 +1,78 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+# Scopes Section
+# This section contains scopes, which define file level access
+
+[[permission]]
+identifier = "scope-appdata-recursive"
+description = "This scope recursive access to the complete `$APPDATA` folder, including sub directories and files."
+
+[[permission.scope.allow]]
+path = "$APPDATA/**"
+
+[[permission]]
+identifier = "scope-appdata"
+description = "This scope permits access to all files and list content of top level directories in the `$APPDATA`folder."
+
+[[permission.scope.allow]]
+path = "$APPDATA/*"
+
+[[permission]]
+identifier = "scope-appdata-index"
+description = "This scope permits to list all files and folders in the `$APPDATA`folder."
+
+[[permission.scope.allow]]
+path = "$APPDATA/"
+
+# Sets Section
+# This section combines the scope elements with enablement of commands
+
+[[set]]
+identifier = "allow-appdata-read-recursive"
+description = "This allows full recursive read access to the complete `$APPDATA` folder, files and subdirectories."
+permissions = [
+    "read-all",
+    "scope-appdata-recursive"
+]
+
+[[set]]
+identifier = "allow-appdata-write-recursive"
+description = "This allows full recusrive write access to the complete `$APPDATA` folder, files and subdirectories."
+permissions = [
+    "write-all",
+    "scope-appdata-recursive"
+]
+
+[[set]]
+identifier = "allow-appdata-read"
+description = "This allows non-recursive read access to the `$APPDATA` folder."
+permissions = [
+    "read-all",
+    "scope-appdata"
+]
+
+[[set]]
+identifier = "allow-appdata-write"
+description = "This allows non-recursive write access to the `$APPDATA` folder."
+permissions = [
+    "write-all",
+    "scope-appdata"
+]
+
+[[set]]
+identifier = "allow-appdata-meta-recursive"
+description = "This allows read access to metadata of the `$APPDATA` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-appdata-recursive"
+]
+
+[[set]]
+identifier = "allow-appdata-meta"
+description = "This allows read access to metadata of the `$APPDATA` folder, including file listing and statistics."
+permissions = [
+    "read-meta",
+    "scope-appdata-index"
+]
--- a/Show More
+++ b/Show More