revert to draft07 schema

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.cargo/audit.toml

@@ -1,11 +1,5 @@
 [advisories]
 ignore = [
-  # time 0.1
-  "RUSTSEC-2020-0071",
-  # needs sqlx 0.7 (still in alpha)
-  "RUSTSEC-2022-0090",
-  # wry needs kuchiki on Android
-  "RUSTSEC-2023-0019",
-  # atty is only used when the `colored` feature is enabled on tauri-plugin-log
-  "RUSTSEC-2021-0145",
+  # time crate can't be updated in the repo because of MSRV, users are unaffected
+  "RUSTSEC-2026-0009",
 ]

.changes/change-plugin-sql-numeric-custom-types.md

@@ -0,0 +1,6 @@
+---
+"sql": minor
+"sql-js": minor
+---
+
+Add support for Postgres `NUMERIC` and custom data types.

.changes/change-pr-3244.md

@@ -0,0 +1,6 @@
+---
+"fs": minor
+"fs-js": minor
+---
+
+Add `encoding` option for `readTextFile` and `readTextFileLines`

.changes/change-pr-3252.md

@@ -0,0 +1,6 @@
+---
+"http": patch
+"http-js": patch
+---
+
+Correct Response header initialization to support cloning and ensure Set-Cookie visibility.

.changes/change-pr-3285.md

@@ -0,0 +1,6 @@
+---
+"updater": patch
+"updater-js": patch
+---
+
+fix: preserve file extension of updater package, otherwise users may get confused when presented with a sudo dialog suggesting to install a file with the extension `.rpm` using `dpkg -i`

.changes/re-use-message-dialog-command.md

@@ -0,0 +1,6 @@
+---
+"dialog": minor
+"dialog-js": minor
+---
+
+Re-use `message` command in Rust side for `ask` and `confirm` commands, `allow-ask` and `allow-confirm` permissions are now aliases to `allow-message`

.changes/security-scoped-ios.md

@@ -0,0 +1,6 @@
+---
+"fs": minor
+"fs-js": minor
+---
+
+Enable access for security-scoped resources on iOS by automatically calling `NSURL::startAccessingSecurityScopedResource` on resource access and adding the `stopAccessingSecurityScopedResource` API.

.changes/validate-android-deep-link.md

@@ -0,0 +1,6 @@
+---
+"deep-link": patch
+"deep-link-js": patch
+---
+
+Validate Android new intent is actually a deep link before triggering the onOpenUrl event.

.github/workflows/audit-rust.yml

@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: rustsec/audit-check@v1
+      - uses: rustsec/audit-check@v2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           # https://github.com/tauri-apps/plugins-workspace/issues/774

Cargo.toml

@@ -19,7 +19,7 @@ tauri-utils = "2.8"
 serde_json = "1"
 thiserror = "2"
 url = "2"
-schemars = "0.8"
+schemars = "1"
 dunce = "1"
 specta = "^2.0.0-rc.16"
 glob = "0.3"
@@ -39,3 +39,8 @@ codegen-units = 1
 lto = true
 incremental = false
 opt-level = "s"
+
+[patch.crates-io]
+tauri = { git = "https://github.com/tauri-apps/tauri.git", branch = "feat/cef" }
+tauri-utils = { git = "https://github.com/tauri-apps/tauri.git", branch = "feat/cef" }
+tauri-plugin = { git = "https://github.com/tauri-apps/tauri.git", branch = "feat/cef" }

examples/api/package.json

@@ -36,7 +36,7 @@
     "@iconify-json/codicon": "^1.2.12",
     "@iconify-json/ph": "^1.2.2",
     "@sveltejs/vite-plugin-svelte": "^6.0.0",
-    "@tauri-apps/cli": "2.10.0",
+    "@tauri-apps/cli": "2.10.1",
     "@unocss/extractor-svelte": "^66.3.3",
     "svelte": "^5.20.4",
     "unocss": "^66.3.3",

examples/api/src-tauri/capabilities/base.json

@@ -23,11 +23,7 @@
     "core:window:allow-start-dragging",
     "notification:default",
     "os:allow-platform",
-    "dialog:allow-open",
-    "dialog:allow-ask",
-    "dialog:allow-save",
-    "dialog:allow-confirm",
-    "dialog:allow-message",
+    "dialog:default",
     {
       "identifier": "shell:allow-spawn",
       "allow": [

examples/api/src/views/Dialog.svelte

@@ -43,7 +43,7 @@
   }
 
   async function msg() {
-    await message("Tauri is awesome!");
+    await message("Tauri is awesome!").then((res) => onMessage(res));
   }
 
   async function msgCustom(result) {

package.json

@@ -11,25 +11,23 @@
     "example:api:dev": "pnpm run --filter \"api\" tauri dev"
   },
   "devDependencies": {
-    "@eslint/js": "9.39.2",
+    "@eslint/js": "10.0.1",
     "@rollup/plugin-node-resolve": "16.0.3",
-    "@rollup/plugin-terser": "0.4.4",
+    "@rollup/plugin-terser": "1.0.0",
     "@rollup/plugin-typescript": "12.3.0",
-    "covector": "^0.12.4",
-    "eslint": "9.39.2",
+    "eslint": "10.0.2",
     "eslint-config-prettier": "10.1.8",
-    "eslint-plugin-security": "3.0.1",
+    "eslint-plugin-security": "4.0.0",
     "prettier": "3.8.1",
-    "rollup": "4.57.1",
+    "rollup": "4.59.0",
     "tslib": "2.8.1",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.54.0"
+    "typescript-eslint": "8.56.1"
   },
   "minimumReleaseAge": 4320,
   "pnpm": {
     "overrides": {
-      "esbuild@<0.25.0": ">=0.25.0",
-      "lodash@>=4.0.0 <=4.17.22": ">=4.17.23"
+      "esbuild@<0.25.0": ">=0.25.0"
     },
     "onlyBuiltDependencies": [
       "esbuild"

plugins/autostart/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,84 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the disable command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-disable",
-          "markdownDescription": "Enables the disable command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the disable command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-disable",
-          "markdownDescription": "Denies the disable command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the enable command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-enable",
-          "markdownDescription": "Enables the enable command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the enable command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-enable",
-          "markdownDescription": "Denies the enable command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the is_enabled command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-is-enabled",
-          "markdownDescription": "Enables the is_enabled command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the is_enabled command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-is-enabled",
-          "markdownDescription": "Denies the is_enabled command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures if your\napplication can enable or disable auto\nstarting the application on boot.\n\n#### Granted Permissions\n\nIt allows all to check, enable and\ndisable the automatic start on boot.\n\n\n#### This default permission set includes:\n\n- `allow-enable`\n- `allow-disable`\n- `allow-is-enabled`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures if your\napplication can enable or disable auto\nstarting the application on boot.\n\n#### Granted Permissions\n\nIt allows all to check, enable and\ndisable the automatic start on boot.\n\n\n#### This default permission set includes:\n\n- `allow-enable`\n- `allow-disable`\n- `allow-is-enabled`"
+          "const": "iOS"
         }
       ]
     }

plugins/barcode-scanner/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,120 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the cancel command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-cancel",
-          "markdownDescription": "Enables the cancel command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the cancel command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-cancel",
-          "markdownDescription": "Denies the cancel command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the check_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-check-permissions",
-          "markdownDescription": "Enables the check_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the check_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-check-permissions",
-          "markdownDescription": "Denies the check_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the open_app_settings command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-open-app-settings",
-          "markdownDescription": "Enables the open_app_settings command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the open_app_settings command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-open-app-settings",
-          "markdownDescription": "Denies the open_app_settings command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the request_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-request-permissions",
-          "markdownDescription": "Enables the request_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the request_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-request-permissions",
-          "markdownDescription": "Denies the request_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the scan command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-scan",
-          "markdownDescription": "Enables the scan command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the scan command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-scan",
-          "markdownDescription": "Denies the scan command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the vibrate command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-vibrate",
-          "markdownDescription": "Enables the vibrate command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the vibrate command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-vibrate",
-          "markdownDescription": "Denies the vibrate command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures which\nbarcode scanning features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all barcode related features.\n\n\n#### This default permission set includes:\n\n- `allow-cancel`\n- `allow-check-permissions`\n- `allow-open-app-settings`\n- `allow-request-permissions`\n- `allow-scan`\n- `allow-vibrate`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures which\nbarcode scanning features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all barcode related features.\n\n\n#### This default permission set includes:\n\n- `allow-cancel`\n- `allow-check-permissions`\n- `allow-open-app-settings`\n- `allow-request-permissions`\n- `allow-scan`\n- `allow-vibrate`"
+          "const": "iOS"
         }
       ]
     }

plugins/biometric/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,72 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the authenticate command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-authenticate",
-          "markdownDescription": "Enables the authenticate command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the authenticate command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-authenticate",
-          "markdownDescription": "Denies the authenticate command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the status command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-status",
-          "markdownDescription": "Enables the status command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the status command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-status",
-          "markdownDescription": "Denies the status command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures which\nbiometric features are by default exposed.\n\n#### Granted Permissions\n\nIt allows acccess to all biometric commands.\n\n\n#### This default permission set includes:\n\n- `allow-authenticate`\n- `allow-status`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures which\nbiometric features are by default exposed.\n\n#### Granted Permissions\n\nIt allows acccess to all biometric commands.\n\n\n#### This default permission set includes:\n\n- `allow-authenticate`\n- `allow-status`"
+          "const": "iOS"
         }
       ]
     }

plugins/cli/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,60 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the cli_matches command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-cli-matches",
-          "markdownDescription": "Enables the cli_matches command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the cli_matches command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-cli-matches",
-          "markdownDescription": "Denies the cli_matches command without any pre-configured scope."
-        },
-        {
-          "description": "Allows reading the CLI matches\n#### This default permission set includes:\n\n- `allow-cli-matches`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "Allows reading the CLI matches\n#### This default permission set includes:\n\n- `allow-cli-matches`"
+          "const": "iOS"
         }
       ]
     }

plugins/clipboard-manager/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,120 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the clear command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-clear",
-          "markdownDescription": "Enables the clear command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the clear command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-clear",
-          "markdownDescription": "Denies the clear command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the read_image command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-read-image",
-          "markdownDescription": "Enables the read_image command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the read_image command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-read-image",
-          "markdownDescription": "Denies the read_image command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the read_text command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-read-text",
-          "markdownDescription": "Enables the read_text command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the read_text command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-read-text",
-          "markdownDescription": "Denies the read_text command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the write_html command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-write-html",
-          "markdownDescription": "Enables the write_html command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the write_html command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-write-html",
-          "markdownDescription": "Denies the write_html command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the write_image command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-write-image",
-          "markdownDescription": "Enables the write_image command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the write_image command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-write-image",
-          "markdownDescription": "Denies the write_image command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the write_text command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-write-text",
-          "markdownDescription": "Enables the write_text command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the write_text command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-write-text",
-          "markdownDescription": "Denies the write_text command without any pre-configured scope."
-        },
-        {
-          "description": "No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n"
+          "const": "iOS"
         }
       ]
     }

plugins/deep-link/android/src/main/java/DeepLinkPlugin.kt

@@ -6,9 +6,8 @@ package app.tauri.deep_link
 
 import android.app.Activity
 import android.content.Intent
-import android.os.Bundle
+import android.os.PatternMatcher
 import android.webkit.WebView
-import app.tauri.Logger
 import app.tauri.annotation.InvokeArg
 import app.tauri.annotation.Command
 import app.tauri.annotation.TauriPlugin
@@ -16,18 +15,35 @@ import app.tauri.plugin.Channel
 import app.tauri.plugin.JSObject
 import app.tauri.plugin.Plugin
 import app.tauri.plugin.Invoke
+import androidx.core.net.toUri
 
 @InvokeArg
 class SetEventHandlerArgs {
     lateinit var handler: Channel
 }
 
+@InvokeArg
+class AssociatedDomain {
+    var scheme: List<String> = listOf("https", "http")
+    var host: String? = null
+    var path: List<String> = listOf()
+    var pathPattern: List<String> = listOf()
+    var pathPrefix: List<String> = listOf()
+    var pathSuffix: List<String> = listOf()
+}
+
+@InvokeArg
+class PluginConfig {
+    var mobile: List<AssociatedDomain> = listOf()
+}
+
 @TauriPlugin
 class DeepLinkPlugin(private val activity: Activity): Plugin(activity) {
     //private val implementation = Example()
     private var webView: WebView? = null
     private var currentUrl: String? = null
     private var channel: Channel? = null
+    private var config: PluginConfig? = null
 
     companion object {
         var instance: DeepLinkPlugin? = null
@@ -51,27 +67,105 @@ class DeepLinkPlugin(private val activity: Activity): Plugin(activity) {
 
     override fun load(webView: WebView) {
         instance = this
-
-        val intent = activity.intent
-
-        if (intent.action == Intent.ACTION_VIEW) {
-            // TODO: check if it makes sense to split up init url and last url
-            this.currentUrl = intent.data.toString()
-            val event = JSObject()
-            event.put("url", this.currentUrl)
-            this.channel?.send(event)
-        }
+        config = getConfig(PluginConfig::class.java)
 
         super.load(webView)
         this.webView = webView
+
+        val intent = activity.intent
+
+        if (intent.action == Intent.ACTION_VIEW && intent.data != null) {
+            val url = intent.data.toString()
+            if (isDeepLink(url)) {
+                // TODO: check if it makes sense to split up init url and last url
+                this.currentUrl = url
+                val event = JSObject()
+                event.put("url", this.currentUrl)
+                this.channel?.send(event)
+            }
+        }
     }
 
     override fun onNewIntent(intent: Intent) {
-        if (intent.action == Intent.ACTION_VIEW) {
-            this.currentUrl = intent.data.toString()
-            val event = JSObject()
-            event.put("url", this.currentUrl)
-            this.channel?.send(event)
+        if (intent.action == Intent.ACTION_VIEW && intent.data != null) {
+            val url = intent.data.toString()
+            if (isDeepLink(url)) {
+                this.currentUrl = url
+                val event = JSObject()
+                event.put("url", this.currentUrl)
+                this.channel?.send(event)
+            }
         }
     }
+
+    private fun isDeepLink(url: String): Boolean {
+        val config = this.config ?: return false
+        
+        if (config.mobile.isEmpty()) {
+            return false
+        }
+
+        val uri = try {
+            url.toUri()
+        } catch (_: Exception) {
+            // not a URL
+            return false
+        }
+
+        val scheme = uri.scheme ?: return false
+        val host = uri.host
+        val path = uri.path ?: ""
+
+        // Check if URL matches any configured mobile deep link
+        for (domain in config.mobile) {
+            // Check scheme
+            if (!domain.scheme.any { it.equals(scheme, ignoreCase = true) }) {
+                continue
+            }
+
+            // Check host (if configured)
+            if (domain.host != null) {
+                if (!host.equals(domain.host, ignoreCase = true)) {
+                    continue
+                }
+            }
+
+            // Check path constraints
+            // According to Android docs:
+            // - path: exact match, must begin with /
+            // - pathPrefix: matches initial part of path
+            // - pathSuffix: matches ending part, doesn't need to begin with /
+            // - pathPattern: simple glob pattern (., *, .*)
+            val pathMatches = when {
+                // Exact path match (must begin with /)
+                domain.path.isNotEmpty() && domain.path.any { it == path } -> true
+                // Path pattern match (simple glob: ., *, .*)
+                domain.pathPattern.isNotEmpty() && domain.pathPattern.any { pattern ->
+                    try {
+                        PatternMatcher(pattern, PatternMatcher.PATTERN_SIMPLE_GLOB).match(path)
+                    } catch (e: Exception) {
+                        false
+                    }
+                } -> true
+                // Path prefix match
+                domain.pathPrefix.isNotEmpty() && domain.pathPrefix.any { prefix ->
+                    path.startsWith(prefix)
+                } -> true
+                // Path suffix match
+                domain.pathSuffix.isNotEmpty() && domain.pathSuffix.any { suffix ->
+                    path.endsWith(suffix)
+                } -> true
+                // If no path constraints, any path is allowed
+                domain.path.isEmpty() && domain.pathPattern.isEmpty() && 
+                domain.pathPrefix.isEmpty() && domain.pathSuffix.isEmpty() -> true
+                else -> false
+            }
+
+            if (pathMatches) {
+                return true
+            }
+        }
+
+        return false
+    }
 }

plugins/deep-link/examples/app/package.json

@@ -14,7 +14,7 @@
     "@tauri-apps/plugin-deep-link": "2.4.7"
   },
   "devDependencies": {
-    "@tauri-apps/cli": "2.10.0",
+    "@tauri-apps/cli": "2.10.1",
     "typescript": "^5.7.3",
     "vite": "^7.3.1"
   }

plugins/deep-link/package.json

@@ -28,6 +28,6 @@
     "@tauri-apps/api": "^2.10.1"
   },
   "devDependencies": {
-    "@tauri-apps/cli": "2.10.0"
+    "@tauri-apps/cli": "2.10.1"
   }
 }

plugins/deep-link/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,96 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the get_current command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-get-current",
-          "markdownDescription": "Enables the get_current command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the get_current command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-get-current",
-          "markdownDescription": "Denies the get_current command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the is_registered command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-is-registered",
-          "markdownDescription": "Enables the is_registered command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the is_registered command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-is-registered",
-          "markdownDescription": "Denies the is_registered command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the register command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-register",
-          "markdownDescription": "Enables the register command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the register command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-register",
-          "markdownDescription": "Denies the register command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the unregister command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-unregister",
-          "markdownDescription": "Enables the unregister command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the unregister command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-unregister",
-          "markdownDescription": "Denies the unregister command without any pre-configured scope."
-        },
-        {
-          "description": "Allows reading the opened deep link via the get_current command\n#### This default permission set includes:\n\n- `allow-get-current`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "Allows reading the opened deep link via the get_current command\n#### This default permission set includes:\n\n- `allow-get-current`"
+          "const": "iOS"
         }
       ]
     }

plugins/deep-link/src/lib.rs

@@ -540,7 +540,7 @@ pub fn init<R: Runtime>() -> TauriPlugin<R, Option<config::Config>> {
             Ok(())
         })
         .on_event(|_app, _event| {
-            #[cfg(any(target_os = "macos", target_os = "ios"))]
+            #[cfg(desktop)]
             if let tauri::RunEvent::Opened { urls } = _event {
                 use tauri::Emitter;
 

plugins/dialog/api-iife.js

@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_DIALOG__=function(t){"use strict";async function n(t,n={},e){return window.__TAURI_INTERNALS__.invoke(t,n,e)}function e(t){if(void 0!==t)return"string"==typeof t?t:"ok"in t&&"cancel"in t?{OkCancelCustom:[t.ok,t.cancel]}:"yes"in t&&"no"in t&&"cancel"in t?{YesNoCancelCustom:[t.yes,t.no,t.cancel]}:"ok"in t?{OkCustom:t.ok}:void 0}return"function"==typeof SuppressedError&&SuppressedError,t.ask=async function(t,e){const o="string"==typeof e?{title:e}:e;return await n("plugin:dialog|ask",{message:t.toString(),title:o?.title?.toString(),kind:o?.kind,yesButtonLabel:o?.okLabel?.toString(),noButtonLabel:o?.cancelLabel?.toString()})},t.confirm=async function(t,e){const o="string"==typeof e?{title:e}:e;return await n("plugin:dialog|confirm",{message:t.toString(),title:o?.title?.toString(),kind:o?.kind,okButtonLabel:o?.okLabel?.toString(),cancelButtonLabel:o?.cancelLabel?.toString()})},t.message=async function(t,o){const i="string"==typeof o?{title:o}:o;return n("plugin:dialog|message",{message:t.toString(),title:i?.title?.toString(),kind:i?.kind,okButtonLabel:i?.okLabel?.toString(),buttons:e(i?.buttons)})},t.open=async function(t={}){return"object"==typeof t&&Object.freeze(t),await n("plugin:dialog|open",{options:t})},t.save=async function(t={}){return"object"==typeof t&&Object.freeze(t),await n("plugin:dialog|save",{options:t})},t}({});Object.defineProperty(window.__TAURI__,"dialog",{value:__TAURI_PLUGIN_DIALOG__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_DIALOG__=function(n){"use strict";async function e(n,e={},t){return window.__TAURI_INTERNALS__.invoke(n,e,t)}function t(n){if(void 0!==n)return"string"==typeof n?n:"ok"in n&&"cancel"in n?{OkCancelCustom:[n.ok,n.cancel]}:"yes"in n&&"no"in n&&"cancel"in n?{YesNoCancelCustom:[n.yes,n.no,n.cancel]}:"ok"in n?{OkCustom:n.ok}:void 0}async function o(n,o){return await e("plugin:dialog|message",{message:n,title:o?.title,kind:o?.kind,buttons:t(o?.buttons)})}return"function"==typeof SuppressedError&&SuppressedError,n.ask=async function(n,e){const t="string"==typeof e?{title:e}:e,i=t?.okLabel||t?.cancelLabel,a=t?.okLabel??"Yes";return await o(n,{title:t?.title,kind:t?.kind,buttons:i?{ok:a,cancel:t.cancelLabel??"No"}:"YesNo"})===a},n.confirm=async function(n,e){const t="string"==typeof e?{title:e}:e,i=t?.okLabel||t?.cancelLabel,a=t?.okLabel??"Ok";return await o(n,{title:t?.title,kind:t?.kind,buttons:i?{ok:a,cancel:t.cancelLabel??"Cancel"}:"OkCancel"})===a},n.message=async function(n,e){const t="string"==typeof e?{title:e}:e;return t&&!t.buttons&&t.okLabel&&(t.buttons={ok:t.okLabel}),o(n,t)},n.open=async function(n={}){return"object"==typeof n&&Object.freeze(n),await e("plugin:dialog|open",{options:n})},n.save=async function(n={}){return"object"==typeof n&&Object.freeze(n),await e("plugin:dialog|save",{options:n})},n}({});Object.defineProperty(window.__TAURI__,"dialog",{value:__TAURI_PLUGIN_DIALOG__})}

plugins/dialog/build.rs

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT
 
-const COMMANDS: &[&str] = &["open", "save", "message", "ask", "confirm"];
+const COMMANDS: &[&str] = &["open", "save", "message"];
 
 fn main() {
     let result = tauri_plugin::Builder::new(COMMANDS)

plugins/dialog/guest-js/index.ts

@@ -405,6 +405,18 @@ async function save(options: SaveDialogOptions = {}): Promise<string | null> {
  */
 export type MessageDialogResult = 'Yes' | 'No' | 'Ok' | 'Cancel' | (string & {})
 
+async function messageCommand(
+  message: string,
+  options?: Omit<MessageDialogOptions, 'okLabel'>
+) {
+  return await invoke<MessageDialogResult>('plugin:dialog|message', {
+    message,
+    title: options?.title,
+    kind: options?.kind,
+    buttons: buttonsToRust(options?.buttons)
+  })
+}
+
 /**
  * Shows a message dialog with an `Ok` button.
  * @example
@@ -427,18 +439,17 @@ async function message(
   options?: string | MessageDialogOptions
 ): Promise<MessageDialogResult> {
   const opts = typeof options === 'string' ? { title: options } : options
-
-  return invoke<MessageDialogResult>('plugin:dialog|message', {
-    message: message.toString(),
-    title: opts?.title?.toString(),
-    kind: opts?.kind,
-    okButtonLabel: opts?.okLabel?.toString(),
-    buttons: buttonsToRust(opts?.buttons)
-  })
+  if (opts && !opts.buttons && opts.okLabel) {
+    opts.buttons = { ok: opts.okLabel }
+  }
+  return messageCommand(message, opts)
 }
 
 /**
  * Shows a question dialog with `Yes` and `No` buttons.
+ *
+ * Convenient wrapper for `await message('msg', { buttons: 'YesNo' }) === 'Yes'`
+ *
  * @example
  * ```typescript
  * import { ask } from '@tauri-apps/plugin-dialog';
@@ -458,17 +469,24 @@ async function ask(
   options?: string | ConfirmDialogOptions
 ): Promise<boolean> {
   const opts = typeof options === 'string' ? { title: options } : options
-  return await invoke('plugin:dialog|ask', {
-    message: message.toString(),
-    title: opts?.title?.toString(),
-    kind: opts?.kind,
-    yesButtonLabel: opts?.okLabel?.toString(),
-    noButtonLabel: opts?.cancelLabel?.toString()
-  })
+  const customButtons = opts?.okLabel || opts?.cancelLabel
+  const okLabel = opts?.okLabel ?? 'Yes'
+  return (
+    (await messageCommand(message, {
+      title: opts?.title,
+      kind: opts?.kind,
+      buttons: customButtons
+        ? { ok: okLabel, cancel: opts.cancelLabel ?? 'No' }
+        : 'YesNo'
+    })) === okLabel
+  )
 }
 
 /**
  * Shows a question dialog with `Ok` and `Cancel` buttons.
+ *
+ * Convenient wrapper for `await message('msg', { buttons: 'OkCancel' }) === 'Ok'`
+ *
  * @example
  * ```typescript
  * import { confirm } from '@tauri-apps/plugin-dialog';
@@ -488,13 +506,17 @@ async function confirm(
   options?: string | ConfirmDialogOptions
 ): Promise<boolean> {
   const opts = typeof options === 'string' ? { title: options } : options
-  return await invoke('plugin:dialog|confirm', {
-    message: message.toString(),
-    title: opts?.title?.toString(),
-    kind: opts?.kind,
-    okButtonLabel: opts?.okLabel?.toString(),
-    cancelButtonLabel: opts?.cancelLabel?.toString()
-  })
+  const customButtons = opts?.okLabel || opts?.cancelLabel
+  const okLabel = opts?.okLabel ?? 'Ok'
+  return (
+    (await messageCommand(message, {
+      title: opts?.title,
+      kind: opts?.kind,
+      buttons: customButtons
+        ? { ok: okLabel, cancel: opts.cancelLabel ?? 'Cancel' }
+        : 'OkCancel'
+    })) === okLabel
+  )
 }
 
 export type {

plugins/dialog/permissions/ask.toml

@@ -0,0 +1,11 @@
+"$schema" = "schemas/schema.json"
+
+[[permission]]
+identifier = "allow-ask"
+description = "Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)"
+commands.allow = ["message"]
+
+[[permission]]
+identifier = "deny-ask"
+description = "Denies the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)"
+commands.deny = ["message"]

plugins/dialog/permissions/autogenerated/commands/ask.toml

@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-ask"
-description = "Enables the ask command without any pre-configured scope."
-commands.allow = ["ask"]
-
-[[permission]]
-identifier = "deny-ask"
-description = "Denies the ask command without any pre-configured scope."
-commands.deny = ["ask"]

plugins/dialog/permissions/autogenerated/commands/confirm.toml

@@ -1,13 +0,0 @@
-# Automatically generated - DO NOT EDIT!
-
-"$schema" = "../../schemas/schema.json"
-
-[[permission]]
-identifier = "allow-confirm"
-description = "Enables the confirm command without any pre-configured scope."
-commands.allow = ["confirm"]
-
-[[permission]]
-identifier = "deny-confirm"
-description = "Denies the confirm command without any pre-configured scope."
-commands.deny = ["confirm"]

plugins/dialog/permissions/autogenerated/reference.md

@@ -9,8 +9,6 @@ All dialog types are enabled.
 
 #### This default permission set includes the following:
 
-- `allow-ask`
-- `allow-confirm`
 - `allow-message`
 - `allow-save`
 - `allow-open`
@@ -32,7 +30,7 @@ All dialog types are enabled.
 </td>
 <td>
 
-Enables the ask command without any pre-configured scope.
+Enables the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)
 
 </td>
 </tr>
@@ -45,33 +43,7 @@ Enables the ask command without any pre-configured scope.
 </td>
 <td>
 
-Denies the ask command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`dialog:allow-confirm`
-
-</td>
-<td>
-
-Enables the confirm command without any pre-configured scope.
-
-</td>
-</tr>
-
-<tr>
-<td>
-
-`dialog:deny-confirm`
-
-</td>
-<td>
-
-Denies the confirm command without any pre-configured scope.
+Denies the ask command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)
 
 </td>
 </tr>
@@ -151,6 +123,32 @@ Enables the save command without any pre-configured scope.
 
 Denies the save command without any pre-configured scope.
 
+</td>
+</tr>
+
+<tr>
+<td>
+
+`dialog:allow-confirm`
+
+</td>
+<td>
+
+Enables the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`dialog:deny-confirm`
+
+</td>
+<td>
+
+Denies the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)
+
 </td>
 </tr>
 </table>

plugins/dialog/permissions/confirm.toml

@@ -0,0 +1,11 @@
+"$schema" = "schemas/schema.json"
+
+[[permission]]
+identifier = "allow-confirm"
+description = "Enables the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `allow-message` and will be removed in v3)"
+commands.allow = ["message"]
+
+[[permission]]
+identifier = "deny-confirm"
+description = "Denies the confirm command without any pre-configured scope. (**DEPRECATED**: This is now an alias to `deny-message` and will be removed in v3)"
+commands.deny = ["message"]

plugins/dialog/permissions/default.toml

@@ -11,10 +11,4 @@ All dialog types are enabled.
 
 
 """
-permissions = [
-  "allow-ask",
-  "allow-confirm",
-  "allow-message",
-  "allow-save",
-  "allow-open",
-]
+permissions = ["allow-message", "allow-save", "allow-open"]

plugins/dialog/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,108 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the ask command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-ask",
-          "markdownDescription": "Enables the ask command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the ask command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-ask",
-          "markdownDescription": "Denies the ask command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the confirm command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-confirm",
-          "markdownDescription": "Enables the confirm command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the confirm command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-confirm",
-          "markdownDescription": "Denies the confirm command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the message command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-message",
-          "markdownDescription": "Enables the message command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the message command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-message",
-          "markdownDescription": "Denies the message command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the open command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-open",
-          "markdownDescription": "Enables the open command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the open command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-open",
-          "markdownDescription": "Denies the open command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the save command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-save",
-          "markdownDescription": "Enables the save command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the save command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-save",
-          "markdownDescription": "Denies the save command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n\n#### This default permission set includes:\n\n- `allow-ask`\n- `allow-confirm`\n- `allow-message`\n- `allow-save`\n- `allow-open`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures the types of dialogs\navailable from the dialog plugin.\n\n#### Granted Permissions\n\nAll dialog types are enabled.\n\n\n\n#### This default permission set includes:\n\n- `allow-ask`\n- `allow-confirm`\n- `allow-message`\n- `allow-save`\n- `allow-open`"
+          "const": "iOS"
         }
       ]
     }

plugins/dialog/src/commands.rs

@@ -9,9 +9,8 @@ use tauri::{command, Manager, Runtime, State, Window};
 use tauri_plugin_fs::FsExt;
 
 use crate::{
-    Dialog, FileAccessMode, FileDialogBuilder, FilePath, MessageDialogBuilder,
-    MessageDialogButtons, MessageDialogKind, MessageDialogResult, PickerMode, Result, CANCEL, NO,
-    OK, YES,
+    Dialog, FileAccessMode, FileDialogBuilder, FilePath, MessageDialogButtons, MessageDialogKind,
+    MessageDialogResult, PickerMode, Result,
 };
 
 #[derive(Serialize)]
@@ -259,17 +258,20 @@ pub(crate) async fn save<R: Runtime>(
     Ok(path.map(|p| p.simplified()))
 }
 
-fn message_dialog<R: Runtime>(
-    #[allow(unused_variables)] window: Window<R>,
+#[command]
+pub(crate) async fn message<R: Runtime>(
+    #[allow(unused)] window: Window<R>,
     dialog: State<'_, Dialog<R>>,
     title: Option<String>,
     message: String,
     kind: Option<MessageDialogKind>,
-    buttons: MessageDialogButtons,
-) -> MessageDialogBuilder<R> {
+    buttons: Option<MessageDialogButtons>,
+) -> Result<MessageDialogResult> {
     let mut builder = dialog.message(message);
 
-    builder = builder.buttons(buttons);
+    if let Some(buttons) = buttons {
+        builder = builder.buttons(buttons);
+    }
 
     if let Some(title) = title {
         builder = builder.title(title);
@@ -284,86 +286,5 @@ fn message_dialog<R: Runtime>(
         builder = builder.kind(kind);
     }
 
-    builder
-}
-
-#[command]
-pub(crate) async fn message<R: Runtime>(
-    window: Window<R>,
-    dialog: State<'_, Dialog<R>>,
-    title: Option<String>,
-    message: String,
-    kind: Option<MessageDialogKind>,
-    ok_button_label: Option<String>,
-    buttons: Option<MessageDialogButtons>,
-) -> Result<MessageDialogResult> {
-    let buttons = buttons.unwrap_or(if let Some(ok_button_label) = ok_button_label {
-        MessageDialogButtons::OkCustom(ok_button_label)
-    } else {
-        MessageDialogButtons::Ok
-    });
-
-    Ok(message_dialog(window, dialog, title, message, kind, buttons).blocking_show_with_result())
-}
-
-#[command]
-pub(crate) async fn ask<R: Runtime>(
-    window: Window<R>,
-    dialog: State<'_, Dialog<R>>,
-    title: Option<String>,
-    message: String,
-    kind: Option<MessageDialogKind>,
-    yes_button_label: Option<String>,
-    no_button_label: Option<String>,
-) -> Result<bool> {
-    let dialog = message_dialog(
-        window,
-        dialog,
-        title,
-        message,
-        kind,
-        if let Some(yes_button_label) = yes_button_label {
-            MessageDialogButtons::OkCancelCustom(
-                yes_button_label,
-                no_button_label.unwrap_or(NO.to_string()),
-            )
-        } else if let Some(no_button_label) = no_button_label {
-            MessageDialogButtons::OkCancelCustom(YES.to_string(), no_button_label)
-        } else {
-            MessageDialogButtons::YesNo
-        },
-    );
-
-    Ok(dialog.blocking_show())
-}
-
-#[command]
-pub(crate) async fn confirm<R: Runtime>(
-    window: Window<R>,
-    dialog: State<'_, Dialog<R>>,
-    title: Option<String>,
-    message: String,
-    kind: Option<MessageDialogKind>,
-    ok_button_label: Option<String>,
-    cancel_button_label: Option<String>,
-) -> Result<bool> {
-    let dialog = message_dialog(
-        window,
-        dialog,
-        title,
-        message,
-        kind,
-        if let Some(ok_button_label) = ok_button_label {
-            MessageDialogButtons::OkCancelCustom(
-                ok_button_label,
-                cancel_button_label.unwrap_or(CANCEL.to_string()),
-            )
-        } else if let Some(cancel_button_label) = cancel_button_label {
-            MessageDialogButtons::OkCancelCustom(OK.to_string(), cancel_button_label)
-        } else {
-            MessageDialogButtons::OkCancel
-        },
-    );
-
-    Ok(dialog.blocking_show())
+    Ok(builder.blocking_show_with_result())
 }

plugins/dialog/src/lib.rs

@@ -61,8 +61,11 @@ pub enum FileAccessMode {
 }
 
 pub(crate) const OK: &str = "Ok";
+#[cfg(mobile)]
 pub(crate) const CANCEL: &str = "Cancel";
+#[cfg(mobile)]
 pub(crate) const YES: &str = "Yes";
+#[cfg(mobile)]
 pub(crate) const NO: &str = "No";
 
 macro_rules! blocking_fn {
@@ -197,8 +200,6 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
             commands::open,
             commands::save,
             commands::message,
-            commands::ask,
-            commands::confirm,
         ])
         .setup(|app, api| {
             #[cfg(mobile)]
@@ -246,8 +247,8 @@ impl<R: Runtime> MessageDialogBuilder<R> {
             dialog,
             title: title.into(),
             message: message.into(),
-            kind: Default::default(),
-            buttons: Default::default(),
+            kind: MessageDialogKind::default(),
+            buttons: MessageDialogButtons::default(),
             #[cfg(desktop)]
             parent: None,
         }

plugins/fs/Cargo.toml

@@ -30,6 +30,7 @@ serde_repr = "0.1"
 tauri = { workspace = true }
 thiserror = { workspace = true }
 url = { workspace = true }
+log = { workspace = true }
 anyhow = "1"
 glob = { workspace = true }
 # TODO: Remove `serialization-compat-6` in v3
@@ -41,5 +42,8 @@ notify-debouncer-full = { version = "0.6", optional = true }
 dunce = { workspace = true }
 percent-encoding = "2"
 
+[target.'cfg(target_os = "ios")'.dependencies]
+objc2-foundation = { version = "0.3", features = ["NSURL", "NSString"] }
+
 [features]
 watch = ["notify", "notify-debouncer-full"]

plugins/fs/build.rs

@@ -104,6 +104,8 @@ const COMMANDS: &[(&str, &[&str])] = &[
     // TODO: Remove this in v3
     ("unwatch", &[]),
     ("size", &[]),
+    ("start_accessing_security_scoped_resource", &[]),
+    ("stop_accessing_security_scoped_resource", &[]),
 ];
 
 fn main() {
@@ -218,7 +220,10 @@ permissions = [
             .collect::<Vec<_>>(),
     )
     .global_api_script_path("./api-iife.js")
-    .global_scope_schema(schemars::schema_for!(FsScopeEntry))
+    .global_scope_schema(
+        schemars::SchemaGenerator::new(schemars::generate::SchemaSettings::draft07())
+            .into_root_schema_for::<FsScopeEntry>(),
+    )
     .android_path("android")
     .build();
 

plugins/fs/guest-js/index.ts

@@ -5,6 +5,19 @@
 /**
  * Access the file system.
  *
+ * ## iOS security-scoped resources
+ *
+ * On iOS, the `fs` plugin automatically manages access to security-scoped resources when a file URL is accessed.
+ * This is required for files outside the app's sandbox (e.g., from file picker).
+ *
+ * @example
+ * ```typescript
+ * import { open } from '@tauri-apps/plugin-fs';
+ *
+ * const file = await open('file:///path/to/file.txt');
+ * await file.close();
+ * ```
+ *
  * ## Security
  *
  * This module prevents path traversal, not allowing parent directory accessors to be used
@@ -723,6 +736,8 @@ async function readDir(
 interface ReadFileOptions {
   /** Base directory for `path` */
   baseDir?: BaseDirectory
+  /** Text encoding to use when reading a text file. Defaults to 'utf-8'. */
+  encoding?: string
 }
 
 /**
@@ -753,7 +768,7 @@ async function readFile(
 }
 
 /**
- * Reads and returns the entire contents of a file as UTF-8 string.
+ * Reads and returns the entire contents of a file as a string using the specified encoding (default: UTF-8).
  * @example
  * ```typescript
  * import { readTextFile, BaseDirectory } from '@tauri-apps/plugin-fs';
@@ -777,11 +792,11 @@ async function readTextFile(
 
   const bytes = arr instanceof ArrayBuffer ? arr : Uint8Array.from(arr)
 
-  return new TextDecoder().decode(bytes)
+  return new TextDecoder(options?.encoding ?? 'utf-8').decode(bytes)
 }
 
 /**
- * Returns an async {@linkcode AsyncIterableIterator} over the lines of a file as UTF-8 string.
+ * Returns an async {@linkcode AsyncIterableIterator} over the lines of a file, decoded using the specified encoding (default: UTF-8).
  * @example
  * ```typescript
  * import { readTextFileLines, BaseDirectory } from '@tauri-apps/plugin-fs';
@@ -810,10 +825,15 @@ async function readTextFileLines(
     rid: null as number | null,
 
     async next(): Promise<IteratorResult<string>> {
+      const decoder = new TextDecoder(options?.encoding ?? 'utf-8')
+
       if (this.rid === null) {
+        // Use the normalized encoding label for options.
+        const encoding = decoder.encoding
+
         this.rid = await invoke<number>('plugin:fs|read_text_file_lines', {
           path: pathStr,
-          options
+          options: options != null ? { ...options, encoding } : undefined
         })
       }
 
@@ -838,9 +858,7 @@ async function readTextFileLines(
         return { value: null, done }
       }
 
-      const line = new TextDecoder().decode(
-        bytes.slice(0, bytes.byteLength - 1)
-      )
+      const line = decoder.decode(bytes.slice(0, bytes.byteLength - 1))
 
       return {
         value: line,
@@ -1348,6 +1366,79 @@ async function size(path: string | URL): Promise<number> {
   })
 }
 
+/**
+ * Starts accessing a security-scoped resource for the given file URL.
+ * This should be called when you're accessing a file that was opened
+ * using a security-scoped URL (e.g., from a file picker).
+ *
+ * Note that accessing security-scoped resources is automatically managed by the plugin on iOS, so you don't need to call this function
+ * unless you want to manage the scope manually.
+ *
+ * You must call {@linkcode stopAccessingSecurityScopedResource} when you're done accessing the resource.
+ *
+ * #### Platform-specific
+ *
+ * - **iOS:** Starts accessing the security-scoped resource.
+ * - **Other platforms:** does nothing.
+ *
+ * @example
+ * ```typescript
+ * import { startAccessingSecurityScopedResource } from '@tauri-apps/plugin-fs';
+ *
+ * const filePath = 'file:///path/to/file.txt';
+ * await startAccessingSecurityScopedResource(filePath);
+ * // ... use the resource ...
+ * ```
+ *
+ * @since 2.5.0
+ */
+async function startAccessingSecurityScopedResource(
+  path: string | URL
+): Promise<void> {
+  if (path instanceof URL && path.protocol !== 'file:') {
+    throw new TypeError('Must be a file URL.')
+  }
+
+  await invoke('plugin:fs|start_accessing_security_scoped_resource', {
+    path: path instanceof URL ? path.toString() : path
+  })
+}
+
+/**
+ * Stops accessing a security-scoped resource for the given file URL.
+ * This should be called when you're done accessing a file that was opened
+ * using a security-scoped URL (e.g., from a file picker) when using manual tracking via {@linkcode startAccessingSecurityScopedResource}.
+ *
+ * #### Platform-specific
+ *
+ * - **iOS:** Stops accessing the security-scoped resource.
+ * - **Other platforms:** does nothing.
+ *
+ * @example
+ * ```typescript
+ * import { stopAccessingSecurityScopedResource } from '@tauri-apps/plugin-fs';
+ *
+ * const filePath = 'file:///path/to/file.txt';
+ * await startAccessingSecurityScopedResource(filePath);
+ * // ... use the resource ...
+ * // when you're done with the resource:
+ * await stopAccessingSecurityScopedResource(filePath);
+ * ```
+ *
+ * @since 2.5.0
+ */
+async function stopAccessingSecurityScopedResource(
+  path: string | URL
+): Promise<void> {
+  if (path instanceof URL && path.protocol !== 'file:') {
+    throw new TypeError('Must be a file URL.')
+  }
+
+  await invoke('plugin:fs|stop_accessing_security_scoped_resource', {
+    path: path instanceof URL ? path.toString() : path
+  })
+}
+
 export type {
   CreateOptions,
   OpenOptions,
@@ -1396,5 +1487,7 @@ export {
   exists,
   watch,
   watchImmediate,
-  size
+  size,
+  startAccessingSecurityScopedResource,
+  stopAccessingSecurityScopedResource
 }

plugins/fs/permissions/autogenerated/commands/start_accessing_security_scoped_resource.toml

@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-start-accessing-security-scoped-resource"
+description = "Enables the start_accessing_security_scoped_resource command without any pre-configured scope."
+commands.allow = ["start_accessing_security_scoped_resource"]
+
+[[permission]]
+identifier = "deny-start-accessing-security-scoped-resource"
+description = "Denies the start_accessing_security_scoped_resource command without any pre-configured scope."
+commands.deny = ["start_accessing_security_scoped_resource"]

plugins/fs/permissions/autogenerated/commands/stop_accessing_security_scoped_resource.toml

@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-stop-accessing-security-scoped-resource"
+description = "Enables the stop_accessing_security_scoped_resource command without any pre-configured scope."
+commands.allow = ["stop_accessing_security_scoped_resource"]
+
+[[permission]]
+identifier = "deny-stop-accessing-security-scoped-resource"
+description = "Denies the stop_accessing_security_scoped_resource command without any pre-configured scope."
+commands.deny = ["stop_accessing_security_scoped_resource"]

plugins/fs/permissions/autogenerated/reference.md

@@ -3435,6 +3435,32 @@ Denies the size command without any pre-configured scope.
 <tr>
 <td>
 
+`fs:allow-start-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Enables the start_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`fs:deny-start-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Denies the start_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
 `fs:allow-stat`
 
 </td>
@@ -3461,6 +3487,32 @@ Denies the stat command without any pre-configured scope.
 <tr>
 <td>
 
+`fs:allow-stop-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Enables the stop_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`fs:deny-stop-accessing-security-scoped-resource`
+
+</td>
+<td>
+
+Denies the stop_accessing_security_scoped_resource command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
 `fs:allow-truncate`
 
 </td>

plugins/fs/src/android.rs

@@ -3,37 +3,31 @@
 // SPDX-License-Identifier: MIT
 
 use serde::de::DeserializeOwned;
-use tauri::{
-    plugin::{PluginApi, PluginHandle},
-    AppHandle, Runtime,
-};
+use tauri::{plugin::PluginApi, AppHandle, Runtime};
 
 use crate::{models::*, FilePath, OpenOptions};
 
-#[cfg(target_os = "android")]
 const PLUGIN_IDENTIFIER: &str = "com.plugin.fs";
 
-#[cfg(target_os = "ios")]
-tauri::ios_plugin_binding!(init_plugin_fs);
+pub struct Fs<R: Runtime>(tauri::plugin::PluginHandle<R>);
 
-// initializes the Kotlin or Swift plugin classes
 pub fn init<R: Runtime, C: DeserializeOwned>(
     _app: &AppHandle<R>,
     api: PluginApi<R, C>,
 ) -> crate::Result<Fs<R>> {
-    #[cfg(target_os = "android")]
     let handle = api
         .register_android_plugin(PLUGIN_IDENTIFIER, "FsPlugin")
         .unwrap();
-    #[cfg(target_os = "ios")]
-    let handle = api.register_ios_plugin(init_plugin_android - intent - send)?;
     Ok(Fs(handle))
 }
 
-/// Access to the android-intent-send APIs.
-pub struct Fs<R: Runtime>(PluginHandle<R>);
-
 impl<R: Runtime> Fs<R> {
+    /// Open a file.
+    ///
+    /// # Platform-specific
+    ///
+    /// - **iOS**: This method will automatically start accessing a security-scoped resource if the path is a file URL.
+    ///   You must call `stop_accessing_security_scoped_resource` when you're done accessing the file.
     pub fn open<P: Into<FilePath>>(
         &self,
         path: P,
@@ -68,29 +62,25 @@ impl<R: Runtime> Fs<R> {
         }
     }
 
-    #[cfg(target_os = "android")]
     fn resolve_content_uri(
         &self,
         uri: impl Into<String>,
         mode: impl Into<String>,
     ) -> crate::Result<std::fs::File> {
-        #[cfg(target_os = "android")]
-        {
-            let result = self.0.run_mobile_plugin::<GetFileDescriptorResponse>(
-                "getFileDescriptor",
-                GetFileDescriptorPayload {
-                    uri: uri.into(),
-                    mode: mode.into(),
-                },
-            )?;
-            if let Some(fd) = result.fd {
-                Ok(unsafe {
-                    use std::os::fd::FromRawFd;
-                    std::fs::File::from_raw_fd(fd)
-                })
-            } else {
-                unimplemented!()
-            }
+        let result = self.0.run_mobile_plugin::<GetFileDescriptorResponse>(
+            "getFileDescriptor",
+            GetFileDescriptorPayload {
+                uri: uri.into(),
+                mode: mode.into(),
+            },
+        )?;
+        if let Some(fd) = result.fd {
+            Ok(unsafe {
+                use std::os::fd::FromRawFd;
+                std::fs::File::from_raw_fd(fd)
+            })
+        } else {
+            unimplemented!()
         }
     }
 }

plugins/fs/src/commands.rs

@@ -16,6 +16,7 @@ use std::{
     borrow::Cow,
     fs::File,
     io::{BufRead, BufReader, Read, Write},
+    ops::{Deref, DerefMut},
     path::{Path, PathBuf},
     str::FromStr,
     sync::Mutex,
@@ -70,6 +71,209 @@ impl Serialize for CommandError {
 
 pub type CommandResult<T> = std::result::Result<T, CommandError>;
 
+/// Represents either a plain PathBuf or a PathHandle that manages security-scoped resources.
+pub enum PathKind<R: Runtime> {
+    /// A plain path that doesn't manage security-scoped resources.
+    #[allow(dead_code)] // only used on mobile
+    Path(PathBuf),
+    /// A path handle that manages security-scoped resources and will clean them up on drop.
+    Handle(PathHandle<R>),
+}
+
+impl<R: Runtime> PathKind<R> {
+    /// Get a reference to the underlying path.
+    pub fn as_path(&self) -> &Path {
+        match self {
+            PathKind::Path(p) => p.as_ref(),
+            PathKind::Handle(h) => h.as_ref(),
+        }
+    }
+
+    /// Get a reference to the underlying PathBuf.
+    pub fn as_path_buf(&self) -> &PathBuf {
+        match self {
+            PathKind::Path(p) => p,
+            PathKind::Handle(h) => h,
+        }
+    }
+}
+
+impl<R: Runtime> AsRef<Path> for PathKind<R> {
+    fn as_ref(&self) -> &Path {
+        self.as_path()
+    }
+}
+
+impl<R: Runtime> AsRef<PathBuf> for PathKind<R> {
+    fn as_ref(&self) -> &PathBuf {
+        self.as_path_buf()
+    }
+}
+
+/// A file handle that automatically stops accessing security-scoped resources on iOS when dropped.
+pub struct FileHandle<R: Runtime> {
+    file: File,
+    path: PathKind<R>,
+    #[allow(dead_code)] // Used in Drop implementation
+    path_: SafeFilePath,
+    #[allow(dead_code)] // Used in Drop implementation
+    app_handle: tauri::AppHandle<R>,
+}
+
+impl<R: Runtime> FileHandle<R> {
+    fn new(
+        file: File,
+        path: PathKind<R>,
+        path_: SafeFilePath,
+        app_handle: tauri::AppHandle<R>,
+    ) -> Self {
+        Self {
+            file,
+            path,
+            path_,
+            app_handle,
+        }
+    }
+
+    /// Get the resolved path.
+    pub fn path(&self) -> &Path {
+        self.path.as_path()
+    }
+}
+
+impl<R: Runtime> Deref for FileHandle<R> {
+    type Target = File;
+
+    fn deref(&self) -> &Self::Target {
+        &self.file
+    }
+}
+
+impl<R: Runtime> DerefMut for FileHandle<R> {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        &mut self.file
+    }
+}
+
+impl<R: Runtime> Drop for FileHandle<R> {
+    fn drop(&mut self) {
+        #[cfg(target_os = "ios")]
+        {
+            // Only clean up if we have a plain PathBuf, not a PathHandle
+            // PathHandle will handle its own cleanup when it's dropped
+            if let PathKind::Path(_) = &self.path {
+                use crate::{FilePath, FsExt};
+                // Convert SafeFilePath to FilePath
+                let file_path: FilePath = match &self.path_ {
+                    SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+                    SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+                };
+
+                // Only clean up if we're tracking this resource
+                // If start_accessing_security_scoped_resource was used, it won't be in our tracking
+                // and we shouldn't interfere
+                if let FilePath::Url(url) = file_path {
+                    if url.scheme() == "file" {
+                        let security_scoped_resources =
+                            self.app_handle.state::<crate::SecurityScopedResources>();
+
+                        // Only clean up if it's not tracked manually
+                        if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                            log::debug!("Stopping accessing security-scoped resource for URL: {url} on drop");
+                            let _ = self
+                                .app_handle
+                                .fs()
+                                .stop_accessing_security_scoped_resource(FilePath::Url(
+                                    url.clone(),
+                                ));
+                            security_scoped_resources.remove(url.as_str());
+                        } else {
+                            log::debug!("Not cleaning up security-scoped resource for URL: {url} on drop (manually tracked via start_accessing_security_scoped_resource)");
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
+/// A path handle that automatically stops accessing security-scoped resources on iOS when dropped.
+pub struct PathHandle<R: Runtime> {
+    path: PathBuf,
+    #[allow(dead_code)] // Used in Drop implementation
+    path_: SafeFilePath,
+    #[allow(dead_code)] // Used in Drop implementation
+    app_handle: tauri::AppHandle<R>,
+}
+
+impl<R: Runtime> PathHandle<R> {
+    fn new(path: PathBuf, path_: SafeFilePath, app_handle: tauri::AppHandle<R>) -> Self {
+        Self {
+            path,
+            path_,
+            app_handle,
+        }
+    }
+}
+
+impl<R: Runtime> Deref for PathHandle<R> {
+    type Target = PathBuf;
+
+    fn deref(&self) -> &Self::Target {
+        &self.path
+    }
+}
+
+impl<R: Runtime> AsRef<Path> for PathHandle<R> {
+    fn as_ref(&self) -> &Path {
+        self.path.as_ref()
+    }
+}
+
+impl<R: Runtime> AsRef<PathBuf> for PathHandle<R> {
+    fn as_ref(&self) -> &PathBuf {
+        &self.path
+    }
+}
+
+impl<R: Runtime> Drop for PathHandle<R> {
+    fn drop(&mut self) {
+        #[cfg(target_os = "ios")]
+        {
+            use crate::{FilePath, FsExt};
+            // Convert SafeFilePath to FilePath
+            let file_path: FilePath = match &self.path_ {
+                SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+                SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+            };
+
+            // Only clean up if we're tracking this resource (i.e., resolve_path started it)
+            // If start_accessing_security_scoped_resource was used, it won't be in our tracking
+            // and we shouldn't interfere
+            if let FilePath::Url(url) = file_path {
+                if url.scheme() == "file" {
+                    let security_scoped_resources =
+                        self.app_handle.state::<crate::SecurityScopedResources>();
+
+                    // Only clean up if it's not tracked manually
+                    if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                        log::debug!(
+                            "Stopping accessing security-scoped resource for URL: {url} on drop"
+                        );
+                        let _ = self
+                            .app_handle
+                            .fs()
+                            .stop_accessing_security_scoped_resource(FilePath::Url(url.clone()));
+                        security_scoped_resources.remove(url.as_str());
+                    } else {
+                        log::debug!("Not cleaning up security-scoped resource for URL: {url} on drop (manually tracked via start_accessing_security_scoped_resource)");
+                    }
+                }
+            }
+        }
+    }
+}
+
 #[derive(Debug, Default, Clone, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct BaseOptions {
@@ -84,7 +288,8 @@ pub fn create<R: Runtime>(
     path: SafeFilePath,
     options: Option<BaseOptions>,
 ) -> CommandResult<ResourceId> {
-    let resolved_path = resolve_path(
+    let path_ = path.clone();
+    let resolved_path_handle = resolve_path(
         "create",
         &webview,
         &global_scope,
@@ -92,13 +297,22 @@ pub fn create<R: Runtime>(
         path,
         options.and_then(|o| o.base_dir),
     )?;
-    let file = File::create(&resolved_path).map_err(|e| {
+    let file = File::create(&*resolved_path_handle).map_err(|e| {
         format!(
             "failed to create file at path: {} with error: {e}",
-            resolved_path.display()
+            resolved_path_handle.display()
         )
     })?;
-    let rid = webview.resources_table().add(StdFileResource::new(file));
+    let app_handle = webview.app_handle().clone();
+    let file_handle = FileHandle::new(
+        file,
+        PathKind::Handle(resolved_path_handle),
+        path_,
+        app_handle,
+    );
+    let rid = webview
+        .resources_table()
+        .add(StdFileResource::new(file_handle));
     Ok(rid)
 }
 
@@ -119,7 +333,7 @@ pub fn open<R: Runtime>(
     path: SafeFilePath,
     options: Option<OpenOptions>,
 ) -> CommandResult<ResourceId> {
-    let (file, _path) = resolve_file(
+    let file_handle = resolve_file(
         "open",
         &webview,
         &global_scope,
@@ -147,7 +361,9 @@ pub fn open<R: Runtime>(
         },
     )?;
 
-    let rid = webview.resources_table().add(StdFileResource::new(file));
+    let rid = webview
+        .resources_table()
+        .add(StdFileResource::new(file_handle));
 
     Ok(rid)
 }
@@ -308,8 +524,8 @@ pub async fn read<R: Runtime>(
     len: usize,
 ) -> CommandResult<tauri::ipc::Response> {
     let mut data = vec![0; len];
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
-    let nread = StdFileResource::with_lock(&file, |mut file| file.read(&mut data))
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
+    let nread = StdFileResource::with_lock(&file, |file| file.read(&mut data))
         .map_err(|e| format!("faied to read bytes from file with error: {e}"))?;
 
     // This is an optimization to include the number of read bytes (as bigendian bytes)
@@ -345,7 +561,7 @@ async fn read_file_inner<R: Runtime>(
     path: SafeFilePath,
     options: Option<BaseOptions>,
 ) -> CommandResult<tauri::ipc::Response> {
-    let (mut file, path) = resolve_file(
+    let mut file_handle = resolve_file(
         permission,
         &webview,
         &global_scope,
@@ -364,10 +580,10 @@ async fn read_file_inner<R: Runtime>(
 
     let mut contents = Vec::new();
 
-    file.read_to_end(&mut contents).map_err(|e| {
+    file_handle.read_to_end(&mut contents).map_err(|e| {
         format!(
             "failed to read file as text at path: {} with error: {e}",
-            path.display()
+            file_handle.path().display()
         )
     })?;
 
@@ -393,6 +609,14 @@ pub async fn read_file<R: Runtime>(
     .await
 }
 
+#[derive(Debug, Default, Clone, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ReadTextFileOptions {
+    #[serde(flatten)]
+    base: BaseOptions,
+    encoding: Option<String>,
+}
+
 // TODO, remove in v3, rely on `read_file` command instead
 #[tauri::command]
 pub async fn read_text_file<R: Runtime>(
@@ -419,7 +643,7 @@ pub fn read_text_file_lines<R: Runtime>(
     global_scope: GlobalScope<Entry>,
     command_scope: CommandScope<Entry>,
     path: SafeFilePath,
-    options: Option<BaseOptions>,
+    options: Option<ReadTextFileOptions>,
 ) -> CommandResult<ResourceId> {
     let resolved_path = resolve_path(
         "read-text-file-lines",
@@ -427,7 +651,7 @@ pub fn read_text_file_lines<R: Runtime>(
         &global_scope,
         &command_scope,
         path,
-        options.as_ref().and_then(|o| o.base_dir),
+        options.as_ref().and_then(|o| o.base.base_dir),
     )?;
 
     let file = File::open(&resolved_path).map_err(|e| {
@@ -437,12 +661,43 @@ pub fn read_text_file_lines<R: Runtime>(
         )
     })?;
 
+    let encoding = options.as_ref().and_then(|o| o.encoding.as_deref());
+    let (lf_bytes, cr_bytes) = lf_cr_bytes_for_encoding_label(encoding);
     let lines = BufReader::new(file);
-    let rid = webview.resources_table().add(StdLinesResource::new(lines));
+    let rid = webview
+        .resources_table()
+        .add(StdLinesResource::new(lines, lf_bytes, cr_bytes));
 
     Ok(rid)
 }
 
+/// Returns the byte sequences for LF (`\n`) and CR (`\r`) in the encoding label.
+///
+/// The provided encoding label must be a normalized, lowercase string,
+/// such as one obtained via `(new TextDecoder(encoding)).encoding`.
+///
+/// <https://developer.mozilla.org/ja/docs/Web/API/Encoding_API/Encodings>
+fn lf_cr_bytes_for_encoding_label(label: Option<&str>) -> (Vec<u8>, Vec<u8>) {
+    // Defaults to utf-8
+    // https://developer.mozilla.org/ja/docs/Web/API/TextDecoder/TextDecoder#label
+    let label = label.unwrap_or("utf-8");
+
+    // Currently, according to the Web Standard,
+    // the ASCII-incompatible encodings are UTF-16LE/BE and ISO-2022-JP.
+    // However, ISO-2022-JP can still detect line breaks in the same way as ASCII.
+    //
+    // https://encoding.spec.whatwg.org/#security-background
+    if label == "utf-16le" {
+        return (vec![0x0A, 0x00], vec![0x0D, 0x00]);
+    }
+    if label == "utf-16be" {
+        return (vec![0x00, 0x0A], vec![0x00, 0x0D]);
+    }
+
+    // ASCII-compatible
+    (vec![b'\n'], vec![b'\r'])
+}
+
 #[tauri::command]
 pub async fn read_text_file_lines_next<R: Runtime>(
     webview: Webview<R>,
@@ -599,8 +854,8 @@ pub async fn seek<R: Runtime>(
     whence: SeekMode,
 ) -> CommandResult<u64> {
     use std::io::{Seek, SeekFrom};
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
-    StdFileResource::with_lock(&file, |mut file| {
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
+    StdFileResource::with_lock(&file, |file| {
         file.seek(match whence {
             SeekMode::Start => SeekFrom::Start(offset as u64),
             SeekMode::Current => SeekFrom::Current(offset),
@@ -623,7 +878,7 @@ fn get_metadata<R: Runtime, F: FnOnce(&PathBuf) -> std::io::Result<std::fs::Meta
 ) -> CommandResult<std::fs::Metadata> {
     match path {
         SafeFilePath::Url(url) => {
-            let (file, path) = resolve_file(
+            let file_handle = resolve_file(
                 permission,
                 webview,
                 global_scope,
@@ -637,10 +892,10 @@ fn get_metadata<R: Runtime, F: FnOnce(&PathBuf) -> std::io::Result<std::fs::Meta
                     },
                 },
             )?;
-            file.metadata().map_err(|e| {
+            file_handle.metadata().map_err(|e| {
                 format!(
                     "failed to get metadata of path: {} with error: {e}",
-                    path.display()
+                    file_handle.path().display()
                 )
                 .into()
             })
@@ -747,7 +1002,7 @@ pub fn lstat<R: Runtime>(
 
 #[tauri::command]
 pub fn fstat<R: Runtime>(webview: Webview<R>, rid: ResourceId) -> CommandResult<FileInfo> {
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
     let metadata = StdFileResource::with_lock(&file, |file| file.metadata())
         .map_err(|e| format!("failed to get metadata of file with error: {e}"))?;
     Ok(get_stat(metadata))
@@ -795,7 +1050,7 @@ pub async fn ftruncate<R: Runtime>(
     rid: ResourceId,
     len: Option<u64>,
 ) -> CommandResult<()> {
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
     StdFileResource::with_lock(&file, |file| file.set_len(len.unwrap_or(0)))
         .map_err(|e| format!("failed to truncate file with error: {e}"))
         .map_err(Into::into)
@@ -807,8 +1062,8 @@ pub async fn write<R: Runtime>(
     rid: ResourceId,
     data: Vec<u8>,
 ) -> CommandResult<usize> {
-    let file = webview.resources_table().get::<StdFileResource>(rid)?;
-    StdFileResource::with_lock(&file, |mut file| file.write(&data))
+    let file: std::sync::Arc<StdFileResource<R>> = webview.resources_table().get(rid)?;
+    StdFileResource::with_lock(&file, |file| file.write(&data))
         .map_err(|e| format!("failed to write bytes to file with error: {e}"))
         .map_err(Into::into)
 }
@@ -856,7 +1111,7 @@ async fn write_file_inner<R: Runtime>(
         .and_then(|p| p.to_str().ok())
         .and_then(|opts| serde_json::from_str(opts).ok());
 
-    let (mut file, path) = resolve_file(
+    let mut file_handle = resolve_file(
         permission,
         &webview,
         &global_scope,
@@ -903,11 +1158,12 @@ async fn write_file_inner<R: Runtime>(
         _ => return Err(anyhow::anyhow!("unexpected invoke body").into()),
     };
 
-    file.write_all(&data)
+    file_handle
+        .write_all(&data)
         .map_err(|e| {
             format!(
                 "failed to write bytes to file at path: {} with error: {e}",
-                path.display()
+                file_handle.path().display()
             )
         })
         .map_err(Into::into)
@@ -993,6 +1249,130 @@ pub async fn size<R: Runtime>(
     }
 }
 
+#[tauri::command]
+pub fn start_accessing_security_scoped_resource<R: Runtime>(
+    webview: Webview<R>,
+    path: SafeFilePath,
+) -> CommandResult<()> {
+    #[cfg(target_os = "ios")]
+    {
+        use crate::FilePath;
+        // Convert SafeFilePath to FilePath
+        let file_path: FilePath = match &path {
+            SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+            SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+        };
+
+        // Only handle file URLs
+        if let FilePath::Url(url) = &file_path {
+            if url.scheme() == "file" {
+                use objc2_foundation::{NSString, NSURL};
+
+                let url_nsstring = NSString::from_str(url.as_str());
+                let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+                if let Some(ns_url) = ns_url {
+                    // Check if already active
+                    let security_scoped_resources =
+                        webview.state::<crate::SecurityScopedResources>();
+                    if security_scoped_resources.is_tracked_manually(url.as_str()) {
+                        log::debug!(
+                            "Security-scoped resource already active for URL: {}",
+                            url.as_str()
+                        );
+                        return Ok(());
+                    }
+
+                    // Start accessing the security-scoped resource
+                    unsafe {
+                        let success = ns_url.startAccessingSecurityScopedResource();
+                        if success {
+                            log::debug!(
+                                "Started accessing security-scoped resource for URL: {}",
+                                url.as_str()
+                            );
+                            security_scoped_resources.track_manually(url.as_str().to_string());
+                        } else {
+                            log::warn!(
+                                "Failed to start accessing security-scoped resource for URL: {}",
+                                url.as_str()
+                            );
+                            return Err(CommandError::from(format!(
+                                "Failed to start accessing security-scoped resource for URL: {}",
+                                url.as_str()
+                            )));
+                        }
+                    }
+                } else {
+                    return Err(CommandError::from(format!(
+                        "Failed to create NSURL from URL: {}",
+                        url.as_str()
+                    )));
+                }
+            }
+        }
+        Ok(())
+    }
+    #[cfg(not(target_os = "ios"))]
+    {
+        // No-op on non-iOS platforms
+        let _ = webview;
+        let _ = path;
+        Ok(())
+    }
+}
+
+#[tauri::command]
+pub fn stop_accessing_security_scoped_resource<R: Runtime>(
+    webview: Webview<R>,
+    path: SafeFilePath,
+) -> CommandResult<()> {
+    #[cfg(target_os = "ios")]
+    {
+        use crate::{FilePath, FsExt};
+        // Convert SafeFilePath to FilePath
+        let file_path: FilePath = match &path {
+            SafeFilePath::Url(url) => FilePath::Url(url.clone()),
+            SafeFilePath::Path(safe_path) => FilePath::Path(safe_path.as_ref().to_owned()),
+        };
+
+        // Only handle file URLs
+        if let FilePath::Url(url) = file_path {
+            if url.scheme() == "file" {
+                let security_scoped_resources = webview.state::<crate::SecurityScopedResources>();
+
+                // Check if it's tracked
+                if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                    log::debug!(
+                        "Security-scoped resource not tracked as active for URL: {}",
+                        url.as_str()
+                    );
+                    return Ok(());
+                }
+
+                // Stop accessing the security-scoped resource
+                webview
+                    .fs()
+                    .stop_accessing_security_scoped_resource(FilePath::Url(url.clone()))?;
+
+                // Remove from tracking
+                security_scoped_resources.remove(url.as_str());
+                log::debug!(
+                    "Stopped accessing security-scoped resource for URL: {}",
+                    url.as_str()
+                );
+            }
+        }
+        Ok(())
+    }
+    #[cfg(not(target_os = "ios"))]
+    {
+        // No-op on non-iOS platforms
+        let _ = webview;
+        let _ = path;
+        Ok(())
+    }
+}
+
 fn get_dir_size(path: &PathBuf) -> CommandResult<u64> {
     let mut size = 0;
 
@@ -1010,7 +1390,7 @@ fn get_dir_size(path: &PathBuf) -> CommandResult<u64> {
     Ok(size)
 }
 
-#[cfg(not(target_os = "android"))]
+#[cfg(desktop)]
 pub fn resolve_file<R: Runtime>(
     permission: &str,
     webview: &Webview<R>,
@@ -1018,7 +1398,7 @@ pub fn resolve_file<R: Runtime>(
     command_scope: &CommandScope<Entry>,
     path: SafeFilePath,
     open_options: OpenOptions,
-) -> CommandResult<(File, PathBuf)> {
+) -> CommandResult<FileHandle<R>> {
     resolve_file_in_fs(
         permission,
         webview,
@@ -1036,8 +1416,9 @@ fn resolve_file_in_fs<R: Runtime>(
     command_scope: &CommandScope<Entry>,
     path: SafeFilePath,
     open_options: OpenOptions,
-) -> CommandResult<(File, PathBuf)> {
-    let path = resolve_path(
+) -> CommandResult<FileHandle<R>> {
+    let path_ = path.clone();
+    let resolved_path_handle = resolve_path(
         permission,
         webview,
         global_scope,
@@ -1047,17 +1428,24 @@ fn resolve_file_in_fs<R: Runtime>(
     )?;
 
     let file = std::fs::OpenOptions::from(open_options.options)
-        .open(&path)
+        .open(&*resolved_path_handle)
         .map_err(|e| {
             format!(
                 "failed to open file at path: {} with error: {e}",
-                path.display()
+                resolved_path_handle.display()
             )
         })?;
-    Ok((file, path))
+
+    let app_handle = webview.app_handle().clone();
+    Ok(FileHandle::new(
+        file,
+        PathKind::Handle(resolved_path_handle),
+        path_,
+        app_handle,
+    ))
 }
 
-#[cfg(target_os = "android")]
+#[cfg(mobile)]
 pub fn resolve_file<R: Runtime>(
     permission: &str,
     webview: &Webview<R>,
@@ -1065,16 +1453,23 @@ pub fn resolve_file<R: Runtime>(
     command_scope: &CommandScope<Entry>,
     path: SafeFilePath,
     open_options: OpenOptions,
-) -> CommandResult<(File, PathBuf)> {
+) -> CommandResult<FileHandle<R>> {
     use crate::FsExt;
 
+    let path_ = path.clone();
     match path {
         SafeFilePath::Url(url) => {
-            let path = url.as_str().into();
+            let resolved_path = url.as_str().into();
             let file = webview
                 .fs()
-                .open(SafeFilePath::Url(url), open_options.options)?;
-            Ok((file, path))
+                .open(SafeFilePath::Url(url.clone()), open_options.options)?;
+            let app_handle = webview.app_handle().clone();
+            Ok(FileHandle::new(
+                file,
+                PathKind::Path(resolved_path),
+                path_,
+                app_handle,
+            ))
         }
         SafeFilePath::Path(path) => resolve_file_in_fs(
             permission,
@@ -1094,9 +1489,47 @@ pub fn resolve_path<R: Runtime>(
     command_scope: &CommandScope<Entry>,
     path: SafeFilePath,
     base_dir: Option<BaseDirectory>,
-) -> CommandResult<PathBuf> {
+) -> CommandResult<PathHandle<R>> {
+    let path_ = path.clone();
+    // On iOS, start accessing security-scoped resource if the path is a file URL
+    // Only if it hasn't been started already via start_accessing_security_scoped_resource
+    #[cfg(target_os = "ios")]
+    {
+        if let SafeFilePath::Url(url) = &path {
+            if url.scheme() == "file" {
+                use objc2_foundation::{NSString, NSURL};
+
+                let security_scoped_resources = webview.state::<crate::SecurityScopedResources>();
+
+                // Check if already active (started via start_accessing_security_scoped_resource)
+                if !security_scoped_resources.is_tracked_manually(url.as_str()) {
+                    let url_nsstring = NSString::from_str(url.as_str());
+                    let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+                    if let Some(ns_url) = ns_url {
+                        // Start accessing the security-scoped resource
+                        // This is required for files outside the app's sandbox (e.g., from file picker)
+                        unsafe {
+                            let success = ns_url.startAccessingSecurityScopedResource();
+                            if success {
+                                log::debug!("Started accessing security-scoped resource for URL: {} (via resolve_path)", url.as_str());
+                                // Track it so we know to clean it up
+                                security_scoped_resources.track_manually(url.as_str().to_string());
+                            } else {
+                                log::warn!("Failed to start accessing security-scoped resource for URL: {}", url.as_str());
+                            }
+                        }
+                    } else {
+                        log::debug!("Failed to create NSURL from URL: {}, ignoring security-scoped resource access request", url.as_str());
+                    }
+                } else {
+                    log::debug!("Security-scoped resource already active for URL: {} (started via start_accessing_security_scoped_resource), skipping", url.as_str());
+                }
+            }
+        }
+    }
+
     let path = path.into_path()?;
-    let path = if let Some(base_dir) = base_dir {
+    let resolved_path = if let Some(base_dir) = base_dir {
         webview.path().resolve(&path, base_dir)?
     } else {
         path
@@ -1125,23 +1558,24 @@ pub fn resolve_path<R: Runtime>(
 
     let require_literal_leading_dot = fs_scope.require_literal_leading_dot.unwrap_or(cfg!(unix));
 
-    if is_forbidden(&fs_scope.scope, &path, require_literal_leading_dot)
-        || is_forbidden(&scope, &path, require_literal_leading_dot)
+    if is_forbidden(&fs_scope.scope, &resolved_path, require_literal_leading_dot)
+        || is_forbidden(&scope, &resolved_path, require_literal_leading_dot)
     {
-        return Err(CommandError::Plugin(Error::PathForbidden(path)));
+        return Err(CommandError::Plugin(Error::PathForbidden(resolved_path)));
     }
 
-    if fs_scope.scope.is_allowed(&path) || scope.is_allowed(&path) {
-        Ok(path)
+    if fs_scope.scope.is_allowed(&resolved_path) || scope.is_allowed(&resolved_path) {
+        let app_handle = webview.app_handle().clone();
+        Ok(PathHandle::new(resolved_path, path_, app_handle))
     } else {
         #[cfg(not(debug_assertions))]
-        return Err(CommandError::Plugin(Error::PathForbidden(path)));
+        return Err(CommandError::Plugin(Error::PathForbidden(resolved_path)));
 
         #[cfg(debug_assertions)]
         Err(
             anyhow::anyhow!(
                 "forbidden path: {}, maybe it is not allowed on the scope for `allow-{permission}` permission in your capability file",
-                path.display()
+                resolved_path.display()
             )
         )
         .map_err(Into::into)
@@ -1187,38 +1621,55 @@ fn is_forbidden<P: AsRef<Path>>(
     }
 }
 
-struct StdFileResource(Mutex<File>);
+struct StdFileResource<R: Runtime>(Mutex<FileHandle<R>>);
 
-impl StdFileResource {
-    fn new(file: File) -> Self {
-        Self(Mutex::new(file))
+impl<R: Runtime> StdFileResource<R> {
+    fn new(file_handle: FileHandle<R>) -> Self {
+        Self(Mutex::new(file_handle))
     }
 
-    fn with_lock<R, F: FnMut(&File) -> R>(&self, mut f: F) -> R {
-        let file = self.0.lock().unwrap();
-        f(&file)
+    fn with_lock<Ret, F: FnMut(&mut File) -> Ret>(&self, mut f: F) -> Ret {
+        let mut file_handle = self.0.lock().unwrap();
+        f(&mut file_handle)
     }
 }
 
-impl Resource for StdFileResource {}
+impl<R: Runtime> Resource for StdFileResource<R> {}
 
 /// Same as [std::io::Lines] but with bytes
-struct LinesBytes<T: BufRead>(T);
+struct LinesBytes<T: BufRead> {
+    bytes: T,
+    lf_bytes: Vec<u8>,
+    cr_bytes: Vec<u8>,
+}
+
+impl<T: BufRead> LinesBytes<T> {
+    fn new(bytes: T, lf_bytes: Vec<u8>, cr_bytes: Vec<u8>) -> Self {
+        LinesBytes {
+            bytes,
+            lf_bytes,
+            cr_bytes,
+        }
+    }
+}
 
 impl<B: BufRead> Iterator for LinesBytes<B> {
     type Item = std::io::Result<Vec<u8>>;
 
     fn next(&mut self) -> Option<std::io::Result<Vec<u8>>> {
         let mut buf = Vec::new();
-        match self.0.read_until(b'\n', &mut buf) {
+        // Search for '\n'
+        match read_until_bytes(&mut self.bytes, &self.lf_bytes, &mut buf) {
             Ok(0) => None,
             Ok(_n) => {
-                if buf.last() == Some(&b'\n') {
-                    buf.pop();
-                    if buf.last() == Some(&b'\r') {
-                        buf.pop();
+                // Remove '\n' or '\r\n'
+                if buf.ends_with(&self.lf_bytes) {
+                    buf.truncate(buf.len() - self.lf_bytes.len());
+                    if buf.ends_with(&self.cr_bytes) {
+                        buf.truncate(buf.len() - self.cr_bytes.len());
                     }
                 }
+
                 Some(Ok(buf))
             }
             Err(e) => Some(Err(e)),
@@ -1226,11 +1677,35 @@ impl<B: BufRead> Iterator for LinesBytes<B> {
     }
 }
 
+fn read_until_bytes(
+    r: &mut impl BufRead,
+    bytes: &[u8],
+    buf: &mut Vec<u8>,
+) -> std::io::Result<usize> {
+    let last_byte = *bytes
+        .last()
+        .ok_or_else(|| std::io::Error::other("invalid empty bytes"))?;
+
+    if bytes.len() == 1 {
+        return r.read_until(last_byte, buf);
+    }
+
+    let mut total_n = 0;
+    loop {
+        let n = r.read_until(last_byte, buf)?;
+        total_n += n;
+
+        if n == 0 || buf.ends_with(bytes) {
+            return Ok(total_n);
+        }
+    }
+}
+
 struct StdLinesResource(Mutex<LinesBytes<BufReader<File>>>);
 
 impl StdLinesResource {
-    fn new(lines: BufReader<File>) -> Self {
-        Self(Mutex::new(LinesBytes(lines)))
+    fn new(lines: BufReader<File>, lf_bytes: Vec<u8>, cr_bytes: Vec<u8>) -> Self {
+        Self(Mutex::new(LinesBytes::new(lines, lf_bytes, cr_bytes)))
     }
 
     fn with_lock<R, F: FnMut(&mut LinesBytes<BufReader<File>>) -> R>(&self, mut f: F) -> R {
@@ -1354,21 +1829,60 @@ mod test {
 
     #[test]
     fn test_lines_bytes() {
-        let base = String::from("line 1\nline2\nline 3\nline 4");
-        let bytes = base.as_bytes();
+        // UTF-8
+        {
+            let base = String::from("line 1\nline2\nline 3\r\nline 4");
+            let bytes = base.as_bytes();
 
-        let string1 = base.lines().collect::<String>();
-        let string2 = BufReader::new(bytes)
-            .lines()
-            .map_while(Result::ok)
-            .collect::<String>();
-        let string3 = LinesBytes(BufReader::new(bytes))
-            .flatten()
-            .flat_map(String::from_utf8)
-            .collect::<String>();
+            let string1 = base.lines().collect::<String>();
+            let string2 = BufReader::new(bytes)
+                .lines()
+                .map_while(Result::ok)
+                .collect::<String>();
+            let string3 = LinesBytes::new(BufReader::new(bytes), vec![b'\n'], vec![b'\r'])
+                .flatten()
+                .flat_map(String::from_utf8)
+                .collect::<String>();
 
-        assert_eq!(string1, string2);
-        assert_eq!(string1, string3);
-        assert_eq!(string2, string3);
+            assert_eq!(string1, string2);
+            assert_eq!(string1, string3);
+            assert_eq!(string2, string3);
+        }
+
+        // UTF-16 LE
+        {
+            fn utf16(text: &str) -> Vec<u8> {
+                text.encode_utf16().flat_map(|u| u.to_le_bytes()).collect()
+            }
+
+            let base = String::from("line 1\nline2\nline 3\r\nline 4\n");
+            let bytes = utf16(&base);
+
+            let mut lines = LinesBytes::new(BufReader::new(&bytes[..]), utf16("\n"), utf16("\r"));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 1")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line2")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 3")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 4")));
+            assert!(lines.next().is_none());
+        }
+
+        // UTF-16 BE
+        {
+            fn utf16(text: &str) -> Vec<u8> {
+                text.encode_utf16().flat_map(|u| u.to_be_bytes()).collect()
+            }
+
+            // ਗ (U+0A17) encodes to 0x0A 0x17,
+            // which contains 0x0A but is not a line feed (U+000A = 0x00 0x0A).
+            let base = String::from("line 1\nline2ਗ\nline 3\r\nline 4");
+            let bytes = utf16(&base);
+
+            let mut lines = LinesBytes::new(BufReader::new(&bytes[..]), utf16("\n"), utf16("\r"));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 1")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line2ਗ")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 3")));
+            assert_eq!(lines.next().map(Result::unwrap), Some(utf16("line 4")));
+            assert!(lines.next().is_none());
+        }
     }
 }

plugins/fs/src/desktop.rs

@@ -24,6 +24,12 @@ fn path_or_err<P: Into<FilePath>>(p: P) -> std::io::Result<PathBuf> {
 }
 
 impl<R: Runtime> Fs<R> {
+    /// Open a file.
+    ///
+    /// # Platform-specific
+    ///
+    /// - **iOS**: This method will automatically start accessing a security-scoped resource if the path is a file URL.
+    ///   You must call `stop_accessing_security_scoped_resource` when you're done accessing the file.
     pub fn open<P: Into<FilePath>>(
         &self,
         path: P,

plugins/fs/src/ios.rs

@@ -0,0 +1,137 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+use serde::de::DeserializeOwned;
+use tauri::{plugin::PluginApi, AppHandle, Runtime};
+
+use crate::{FilePath, OpenOptions};
+
+pub struct Fs<R: Runtime> {
+    _phantom: std::marker::PhantomData<fn() -> R>,
+}
+
+pub fn init<R: Runtime, C: DeserializeOwned>(
+    _app: &AppHandle<R>,
+    _api: PluginApi<R, C>,
+) -> crate::Result<Fs<R>> {
+    Ok(Fs {
+        _phantom: std::marker::PhantomData,
+    })
+}
+
+impl<R: Runtime> Fs<R> {
+    /// Open a file.
+    ///
+    /// # Platform-specific
+    ///
+    /// - **iOS**: This method will automatically start accessing a security-scoped resource if the path is a file URL.
+    ///   You must call [`Self::stop_accessing_security_scoped_resource`] when you're done accessing the file.
+    pub fn open<P: Into<FilePath>>(
+        &self,
+        path: P,
+        opts: OpenOptions,
+    ) -> std::io::Result<std::fs::File> {
+        use objc2_foundation::{NSString, NSURL};
+
+        match path.into() {
+            FilePath::Url(url) if url.scheme() == "file" => {
+                // Handle security-scoped URLs on iOS
+                let url_string = url.as_str();
+                let url_nsstring = NSString::from_str(url_string);
+
+                // Create NSURL from the URL string
+                // URLWithString may return None for invalid URLs, but file:// URLs should be valid
+                let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+                if let Some(ns_url) = ns_url {
+                    // Start accessing the security-scoped resource
+                    // This is required for files outside the app's sandbox (e.g., from file picker)
+                    // Note: We don't call stopAccessingSecurityScopedResource here because
+                    // the file handle needs to remain accessible while the File is in use.
+                    // The access will be automatically stopped when the app is backgrounded or terminated.
+                    unsafe {
+                        let success = ns_url.startAccessingSecurityScopedResource();
+                        if success {
+                            log::debug!(
+                                "Started accessing security-scoped resource for URL: {}",
+                                url_string
+                            );
+                        } else {
+                            log::warn!(
+                                "Failed to start accessing security-scoped resource for URL: {}",
+                                url_string
+                            );
+                        }
+                    }
+                } else {
+                    log::debug!("Failed to create NSURL from URL: {}, ignoring security-scoped resource access request", url_string);
+                }
+
+                // Convert URL to path and open the file
+                let path = url.to_file_path().map_err(|_| {
+                    std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid file URL")
+                })?;
+                std::fs::OpenOptions::from(opts).open(path)
+            }
+            FilePath::Url(_) => Err(std::io::Error::new(
+                std::io::ErrorKind::InvalidInput,
+                "cannot use a non-file URL to load files on iOS",
+            )),
+            FilePath::Path(p) => {
+                // Regular path, no security-scoped resource handling needed
+                std::fs::OpenOptions::from(opts).open(p)
+            }
+        }
+    }
+
+    /// Stops accessing a security-scoped resource for the given file path or URL.
+    /// This should be called when you're done accessing a file that was opened
+    /// using a security-scoped URL (e.g., from a file picker).
+    ///
+    /// # Arguments
+    ///
+    /// * `path` - A file path or URL that was previously accessed via `startAccessingSecurityScopedResource`
+    ///
+    /// # Returns
+    ///
+    /// Returns `Ok(())` if successful, or an error if the path/URL is invalid or not a file URL.
+    pub fn stop_accessing_security_scoped_resource<P: Into<FilePath>>(
+        &self,
+        path: P,
+    ) -> crate::Result<()> {
+        use objc2_foundation::{NSString, NSURL};
+
+        let file_path = path.into();
+        let url_string = match file_path {
+            FilePath::Url(url) => {
+                if url.scheme() != "file" {
+                    return Err(crate::Error::InvalidPathUrl);
+                }
+                url.as_str().to_string()
+            }
+            FilePath::Path(p) => {
+                // Convert path to file URL
+                url::Url::from_file_path(&p)
+                    .map_err(|_| crate::Error::InvalidPathUrl)?
+                    .as_str()
+                    .to_string()
+            }
+        };
+
+        let url_nsstring = NSString::from_str(&url_string);
+        let ns_url = unsafe { NSURL::URLWithString(&url_nsstring) };
+        if let Some(ns_url) = ns_url {
+            // Stop accessing the security-scoped resource
+            unsafe {
+                ns_url.stopAccessingSecurityScopedResource();
+            }
+        } else {
+            return Err(crate::Error::Io(std::io::Error::new(
+                std::io::ErrorKind::InvalidInput,
+                "failed to create NSURL from URL",
+            )));
+        }
+
+        Ok(())
+    }
+}

plugins/fs/src/lib.rs

@@ -4,12 +4,17 @@
 
 //! Access the file system.
 
+// TODO(v3): consider redesign the API to implement automatic stopAccessingSecurityScopedResource on iOS
+// this likely requires returning a handle to a resource so we can impl Drop for it
+
 #![doc(
     html_logo_url = "https://github.com/tauri-apps/tauri/raw/dev/app-icon.png",
     html_favicon_url = "https://github.com/tauri-apps/tauri/raw/dev/app-icon.png"
 )]
 
 use std::io::Read;
+#[cfg(target_os = "ios")]
+use std::sync::Mutex;
 
 use serde::Deserialize;
 use tauri::{
@@ -19,24 +24,28 @@ use tauri::{
     AppHandle, DragDropEvent, Manager, RunEvent, Runtime, WindowEvent,
 };
 
+#[cfg(target_os = "android")]
+mod android;
 mod commands;
 mod config;
-#[cfg(not(target_os = "android"))]
+#[cfg(desktop)]
 mod desktop;
 mod error;
 mod file_path;
-#[cfg(target_os = "android")]
-mod mobile;
+#[cfg(target_os = "ios")]
+mod ios;
 #[cfg(target_os = "android")]
 mod models;
 mod scope;
 #[cfg(feature = "watch")]
 mod watcher;
 
-#[cfg(not(target_os = "android"))]
-pub use desktop::Fs;
 #[cfg(target_os = "android")]
-pub use mobile::Fs;
+pub use android::Fs;
+#[cfg(desktop)]
+pub use desktop::Fs;
+#[cfg(target_os = "ios")]
+pub use ios::Fs;
 
 pub use error::Error;
 
@@ -369,6 +378,56 @@ pub(crate) struct Scope {
     pub(crate) require_literal_leading_dot: Option<bool>,
 }
 
+/// Tracks which paths have active security-scoped resource access on iOS.
+#[cfg(target_os = "ios")]
+pub(crate) struct SecurityScopedResources {
+    /// Set of file URLs that are currently accessing security-scoped resources.
+    /// The key is the URL string representation.
+    pub(crate) active_urls: Mutex<std::collections::HashSet<String>>,
+}
+
+#[cfg(target_os = "ios")]
+impl SecurityScopedResources {
+    pub(crate) fn new() -> Self {
+        Self {
+            active_urls: Mutex::new(std::collections::HashSet::new()),
+        }
+    }
+
+    pub(crate) fn is_tracked_manually(&self, url: &str) -> bool {
+        self.active_urls.lock().unwrap().contains(url)
+    }
+
+    pub(crate) fn track_manually(&self, url: String) {
+        self.active_urls.lock().unwrap().insert(url);
+    }
+
+    pub(crate) fn remove(&self, url: &str) {
+        self.active_urls.lock().unwrap().remove(url);
+    }
+}
+
+#[cfg(not(target_os = "ios"))]
+pub(crate) struct SecurityScopedResources;
+
+#[cfg(not(target_os = "ios"))]
+impl SecurityScopedResources {
+    pub(crate) fn new() -> Self {
+        Self
+    }
+
+    #[allow(dead_code)] // Used on iOS, but not on other platforms
+    pub(crate) fn is_tracked_manually(&self, _url: &str) -> bool {
+        false
+    }
+
+    #[allow(dead_code)] // Used on iOS, but not on other platforms
+    pub(crate) fn track_manually(&self, _url: String) {}
+
+    #[allow(dead_code)] // Used on iOS, but not on other platforms
+    pub(crate) fn remove(&self, _url: &str) {}
+}
+
 pub trait FsExt<R: Runtime> {
     fn fs_scope(&self) -> tauri::fs::Scope;
     fn try_fs_scope(&self) -> Option<tauri::fs::Scope>;
@@ -417,6 +476,8 @@ pub fn init<R: Runtime>() -> TauriPlugin<R, Option<config::Config>> {
             commands::write_text_file,
             commands::exists,
             commands::size,
+            commands::start_accessing_security_scoped_resource,
+            commands::stop_accessing_security_scoped_resource,
             #[cfg(feature = "watch")]
             watcher::watch,
         ])
@@ -431,13 +492,19 @@ pub fn init<R: Runtime>() -> TauriPlugin<R, Option<config::Config>> {
 
             #[cfg(target_os = "android")]
             {
-                let fs = mobile::init(app, api)?;
+                let fs = android::init(app, api)?;
                 app.manage(fs);
             }
-            #[cfg(not(target_os = "android"))]
+            #[cfg(target_os = "ios")]
+            {
+                let fs = ios::init(app, api)?;
+                app.manage(fs);
+            }
+            #[cfg(desktop)]
             app.manage(Fs(app.clone()));
 
             app.manage(scope);
+            app.manage(SecurityScopedResources::new());
             Ok(())
         })
         .on_event(|app, event| {

plugins/geolocation/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,114 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the check_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-check-permissions",
-          "markdownDescription": "Enables the check_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the check_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-check-permissions",
-          "markdownDescription": "Denies the check_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the clear_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-clear-permissions",
-          "markdownDescription": "Enables the clear_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the clear_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-clear-permissions",
-          "markdownDescription": "Denies the clear_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the clear_watch command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-clear-watch",
-          "markdownDescription": "Enables the clear_watch command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the clear_watch command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-clear-watch",
-          "markdownDescription": "Denies the clear_watch command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the get_current_position command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-get-current-position",
-          "markdownDescription": "Enables the get_current_position command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the get_current_position command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-get-current-position",
-          "markdownDescription": "Denies the get_current_position command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the request_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-request-permissions",
-          "markdownDescription": "Enables the request_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the request_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-request-permissions",
-          "markdownDescription": "Denies the request_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the watch_position command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-watch-position",
-          "markdownDescription": "Enables the watch_position command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the watch_position command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-watch-position",
-          "markdownDescription": "Denies the watch_position command without any pre-configured scope."
+          "const": "iOS"
         }
       ]
     }

plugins/global-shortcut/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,108 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the is_registered command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-is-registered",
-          "markdownDescription": "Enables the is_registered command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the is_registered command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-is-registered",
-          "markdownDescription": "Denies the is_registered command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the register command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-register",
-          "markdownDescription": "Enables the register command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the register command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-register",
-          "markdownDescription": "Denies the register command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the register_all command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-register-all",
-          "markdownDescription": "Enables the register_all command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the register_all command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-register-all",
-          "markdownDescription": "Denies the register_all command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the unregister command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-unregister",
-          "markdownDescription": "Enables the unregister command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the unregister command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-unregister",
-          "markdownDescription": "Denies the unregister command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the unregister_all command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-unregister-all",
-          "markdownDescription": "Enables the unregister_all command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the unregister_all command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-unregister-all",
-          "markdownDescription": "Denies the unregister_all command without any pre-configured scope."
-        },
-        {
-          "description": "No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is\napplication specific if specific shortcuts should be\nregistered or unregistered.\n",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "No features are enabled by default, as we believe\nthe shortcuts can be inherently dangerous and it is\napplication specific if specific shortcuts should be\nregistered or unregistered.\n"
+          "const": "iOS"
         }
       ]
     }

plugins/haptics/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,90 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the impact_feedback command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-impact-feedback",
-          "markdownDescription": "Enables the impact_feedback command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the impact_feedback command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-impact-feedback",
-          "markdownDescription": "Denies the impact_feedback command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the notification_feedback command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-notification-feedback",
-          "markdownDescription": "Enables the notification_feedback command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the notification_feedback command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-notification-feedback",
-          "markdownDescription": "Denies the notification_feedback command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the selection_feedback command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-selection-feedback",
-          "markdownDescription": "Enables the selection_feedback command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the selection_feedback command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-selection-feedback",
-          "markdownDescription": "Denies the selection_feedback command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the vibrate command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-vibrate",
-          "markdownDescription": "Enables the vibrate command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the vibrate command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-vibrate",
-          "markdownDescription": "Denies the vibrate command without any pre-configured scope."
+          "const": "iOS"
         }
       ]
     }

plugins/http/Cargo.toml

@@ -37,7 +37,7 @@ http = "1"
 reqwest = { version = "0.12", default-features = false }
 url = { workspace = true }
 data-url = "0.3"
-cookie_store = { version = "0.21.1", optional = true, features = ["serde"] }
+cookie_store = { version = "0.22", optional = true, features = ["serde"] }
 bytes = { version = "1.9", optional = true }
 tracing = { workspace = true, optional = true }
 

plugins/http/api-iife.js

@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_HTTP__=function(e){"use strict";async function t(e,t={},r){return window.__TAURI_INTERNALS__.invoke(e,t,r)}"function"==typeof SuppressedError&&SuppressedError;const r="Request cancelled";return e.fetch=async function(e,n){const a=n?.signal;if(a?.aborted)throw new Error(r);const o=n?.maxRedirections,s=n?.connectTimeout,i=n?.proxy,d=n?.danger;n&&(delete n.maxRedirections,delete n.connectTimeout,delete n.proxy,delete n.danger);const c=n?.headers?n.headers instanceof Headers?n.headers:new Headers(n.headers):new Headers,u=new Request(e,n),l=await u.arrayBuffer(),_=0!==l.byteLength?Array.from(new Uint8Array(l)):null;for(const[e,t]of u.headers)c.get(e)||c.set(e,t);const h=(c instanceof Headers?Array.from(c.entries()):Array.isArray(c)?c:Object.entries(c)).map((([e,t])=>[e,"string"==typeof t?t:t.toString()]));if(a?.aborted)throw new Error(r);const f=await t("plugin:http|fetch",{clientConfig:{method:u.method,url:u.url,headers:h,data:_,maxRedirections:o,connectTimeout:s,proxy:i,danger:d}}),p=()=>t("plugin:http|fetch_cancel",{rid:f});if(a?.aborted)throw p(),new Error(r);a?.addEventListener("abort",(()=>{p()}));const{status:w,statusText:y,url:g,headers:b,rid:T}=await t("plugin:http|fetch_send",{rid:f}),R=()=>t("plugin:http|fetch_cancel_body",{rid:T}),m=[101,103,204,205,304].includes(w)?null:new ReadableStream({start:e=>{a?.addEventListener("abort",(()=>{e.error(r),R()}))},pull:e=>(async e=>{let r;try{r=await t("plugin:http|fetch_read_body",{rid:T})}catch(t){return e.error(t),void R()}const n=new Uint8Array(r),a=n[n.byteLength-1],o=n.slice(0,n.byteLength-1);1!==a?e.enqueue(o):e.close()})(e),cancel:()=>{R()}}),A=new Response(m,{status:w,statusText:y});return Object.defineProperty(A,"url",{value:g}),Object.defineProperty(A,"headers",{value:new Headers(b)}),A},e}({});Object.defineProperty(window.__TAURI__,"http",{value:__TAURI_PLUGIN_HTTP__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_HTTP__=function(e){"use strict";async function t(e,t={},r){return window.__TAURI_INTERNALS__.invoke(e,t,r)}"function"==typeof SuppressedError&&SuppressedError;const r="Request cancelled";return e.fetch=async function(e,n){const a=n?.signal;if(a?.aborted)throw new Error(r);const o=n?.maxRedirections,i=n?.connectTimeout,s=n?.proxy,d=n?.danger;n&&(delete n.maxRedirections,delete n.connectTimeout,delete n.proxy,delete n.danger);const c=n?.headers?n.headers instanceof Headers?n.headers:new Headers(n.headers):new Headers,l=new Request(e,n),u=await l.arrayBuffer(),f=0!==u.byteLength?Array.from(new Uint8Array(u)):null;for(const[e,t]of l.headers)c.get(e)||c.set(e,t);const _=(c instanceof Headers?Array.from(c.entries()):Array.isArray(c)?c:Object.entries(c)).map((([e,t])=>[e,"string"==typeof t?t:t.toString()]));if(a?.aborted)throw new Error(r);const h=await t("plugin:http|fetch",{clientConfig:{method:l.method,url:l.url,headers:_,data:f,maxRedirections:o,connectTimeout:i,proxy:s,danger:d}}),p=()=>t("plugin:http|fetch_cancel",{rid:h});if(a?.aborted)throw p(),new Error(r);a?.addEventListener("abort",(()=>{p()}));const{status:w,statusText:y,url:b,headers:g,rid:T}=await t("plugin:http|fetch_send",{rid:h}),R=()=>t("plugin:http|fetch_cancel_body",{rid:T}),m=[101,103,204,205,304].includes(w)?null:new ReadableStream({start:e=>{a?.addEventListener("abort",(()=>{e.error(r),R()}))},pull:e=>(async e=>{let r;try{r=await t("plugin:http|fetch_read_body",{rid:T})}catch(t){return e.error(t),void R()}const n=new Uint8Array(r),a=n[n.byteLength-1],o=n.slice(0,n.byteLength-1);1!==a?e.enqueue(o):e.close()})(e),cancel:()=>{R()}}),A=new Response(m,{status:w,statusText:y});Object.defineProperty(A,"url",{value:b,writable:!1}),Object.defineProperty(A,"headers",{value:new Headers(g),writable:!1});const v=A.clone.bind(A);return Object.defineProperty(A,"clone",{value:()=>{const e=v();return Object.defineProperty(e,"url",{value:b,writable:!1}),Object.defineProperty(e,"headers",{value:new Headers(g),writable:!1}),e}}),A},e}({});Object.defineProperty(window.__TAURI__,"http",{value:__TAURI_PLUGIN_HTTP__})}

plugins/http/build.rs

@@ -68,6 +68,9 @@ fn _f() {
 fn main() {
     tauri_plugin::Builder::new(COMMANDS)
         .global_api_script_path("./api-iife.js")
-        .global_scope_schema(schemars::schema_for!(HttpScopeEntry))
+        .global_scope_schema(
+            schemars::SchemaGenerator::new(schemars::generate::SchemaSettings::draft07())
+                .into_root_schema_for::<HttpScopeEntry>(),
+        )
         .build();
 }

plugins/http/guest-js/index.ts

@@ -287,14 +287,30 @@ export async function fetch(
     statusText
   })
 
-  // Set `Response` properties that are ignored by the
-  // constructor, like url and some headers
-  //
-  // Since url and headers are read only properties
-  // this is the only way to set them.
-  Object.defineProperty(res, 'url', { value: url })
+  // `Response.url` cannot be set via the constructor, so we define it manually
+  Object.defineProperty(res, 'url', { value: url, writable: false })
+
+  // Expose `set-cookie` via `response.headers` (and `getSetCookie()` where
+  // supported). This is not Fetch-spec compliant for network responses in
+  // browsers, where `set-cookie` is treated as a forbidden response
+  // header and is generally not readable from JavaScript.
   Object.defineProperty(res, 'headers', {
-    value: new Headers(responseHeaders)
+    value: new Headers(responseHeaders),
+    writable: false
+  })
+
+  // Patch clone() per-instance so cloning preserves the overridden properties
+  const originalClone = res.clone.bind(res)
+  Object.defineProperty(res, 'clone', {
+    value: () => {
+      const cloned = originalClone()
+      Object.defineProperty(cloned, 'url', { value: url, writable: false })
+      Object.defineProperty(cloned, 'headers', {
+        value: new Headers(responseHeaders),
+        writable: false
+      })
+      return cloned
+    }
   })
 
   return res

plugins/http/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,108 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the fetch command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-fetch",
-          "markdownDescription": "Enables the fetch command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the fetch command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-fetch",
-          "markdownDescription": "Denies the fetch command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the fetch_cancel command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-fetch-cancel",
-          "markdownDescription": "Enables the fetch_cancel command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the fetch_cancel command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-fetch-cancel",
-          "markdownDescription": "Denies the fetch_cancel command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the fetch_cancel_body command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-fetch-cancel-body",
-          "markdownDescription": "Enables the fetch_cancel_body command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the fetch_cancel_body command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-fetch-cancel-body",
-          "markdownDescription": "Denies the fetch_cancel_body command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the fetch_read_body command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-fetch-read-body",
-          "markdownDescription": "Enables the fetch_read_body command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the fetch_read_body command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-fetch-read-body",
-          "markdownDescription": "Denies the fetch_read_body command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the fetch_send command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-fetch-send",
-          "markdownDescription": "Enables the fetch_send command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the fetch_send command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-fetch-send",
-          "markdownDescription": "Denies the fetch_send command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n\n#### This default permission set includes:\n\n- `allow-fetch`\n- `allow-fetch-cancel`\n- `allow-fetch-send`\n- `allow-fetch-read-body`\n- `allow-fetch-cancel-body`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n\n#### This default permission set includes:\n\n- `allow-fetch`\n- `allow-fetch-cancel`\n- `allow-fetch-send`\n- `allow-fetch-read-body`\n- `allow-fetch-cancel-body`"
+          "const": "iOS"
         }
       ]
     }

plugins/log/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,60 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the log command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-log",
-          "markdownDescription": "Enables the log command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the log command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-log",
-          "markdownDescription": "Denies the log command without any pre-configured scope."
-        },
-        {
-          "description": "Allows the log command\n#### This default permission set includes:\n\n- `allow-log`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "Allows the log command\n#### This default permission set includes:\n\n- `allow-log`"
+          "const": "iOS"
         }
       ]
     }

plugins/nfc/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,84 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the is_available command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-is-available",
-          "markdownDescription": "Enables the is_available command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the is_available command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-is-available",
-          "markdownDescription": "Denies the is_available command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the scan command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-scan",
-          "markdownDescription": "Enables the scan command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the scan command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-scan",
-          "markdownDescription": "Denies the scan command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the write command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-write",
-          "markdownDescription": "Enables the write command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the write command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-write",
-          "markdownDescription": "Denies the write command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures what kind of\noperations are available from the nfc plugin.\n\n#### Granted Permissions\n\nChecking if the NFC functionality is available\nand scanning nearby tags is allowed.\nWriting to tags needs to be manually enabled.\n\n\n#### This default permission set includes:\n\n- `allow-is-available`\n- `allow-scan`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures what kind of\noperations are available from the nfc plugin.\n\n#### Granted Permissions\n\nChecking if the NFC functionality is available\nand scanning nearby tags is allowed.\nWriting to tags needs to be manually enabled.\n\n\n#### This default permission set includes:\n\n- `allow-is-available`\n- `allow-scan`"
+          "const": "iOS"
         }
       ]
     }

plugins/notification/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,240 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the batch command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-batch",
-          "markdownDescription": "Enables the batch command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the batch command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-batch",
-          "markdownDescription": "Denies the batch command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the cancel command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-cancel",
-          "markdownDescription": "Enables the cancel command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the cancel command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-cancel",
-          "markdownDescription": "Denies the cancel command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the check_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-check-permissions",
-          "markdownDescription": "Enables the check_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the check_permissions command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-check-permissions",
-          "markdownDescription": "Denies the check_permissions command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the create_channel command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-create-channel",
-          "markdownDescription": "Enables the create_channel command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the create_channel command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-create-channel",
-          "markdownDescription": "Denies the create_channel command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the delete_channel command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-delete-channel",
-          "markdownDescription": "Enables the delete_channel command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the delete_channel command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-delete-channel",
-          "markdownDescription": "Denies the delete_channel command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the get_active command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-get-active",
-          "markdownDescription": "Enables the get_active command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the get_active command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-get-active",
-          "markdownDescription": "Denies the get_active command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the get_pending command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-get-pending",
-          "markdownDescription": "Enables the get_pending command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the get_pending command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-get-pending",
-          "markdownDescription": "Denies the get_pending command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the is_permission_granted command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-is-permission-granted",
-          "markdownDescription": "Enables the is_permission_granted command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the is_permission_granted command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-is-permission-granted",
-          "markdownDescription": "Denies the is_permission_granted command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the list_channels command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-list-channels",
-          "markdownDescription": "Enables the list_channels command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the list_channels command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-list-channels",
-          "markdownDescription": "Denies the list_channels command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the notify command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-notify",
-          "markdownDescription": "Enables the notify command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the notify command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-notify",
-          "markdownDescription": "Denies the notify command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the permission_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-permission-state",
-          "markdownDescription": "Enables the permission_state command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the permission_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-permission-state",
-          "markdownDescription": "Denies the permission_state command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the register_action_types command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-register-action-types",
-          "markdownDescription": "Enables the register_action_types command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the register_action_types command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-register-action-types",
-          "markdownDescription": "Denies the register_action_types command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the register_listener command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-register-listener",
-          "markdownDescription": "Enables the register_listener command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the register_listener command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-register-listener",
-          "markdownDescription": "Denies the register_listener command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the remove_active command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-remove-active",
-          "markdownDescription": "Enables the remove_active command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the remove_active command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-remove-active",
-          "markdownDescription": "Denies the remove_active command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the request_permission command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-request-permission",
-          "markdownDescription": "Enables the request_permission command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the request_permission command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-request-permission",
-          "markdownDescription": "Denies the request_permission command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the show command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-show",
-          "markdownDescription": "Enables the show command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the show command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-show",
-          "markdownDescription": "Denies the show command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n\n#### This default permission set includes:\n\n- `allow-is-permission-granted`\n- `allow-request-permission`\n- `allow-notify`\n- `allow-register-action-types`\n- `allow-register-listener`\n- `allow-cancel`\n- `allow-get-pending`\n- `allow-remove-active`\n- `allow-get-active`\n- `allow-check-permissions`\n- `allow-show`\n- `allow-batch`\n- `allow-list-channels`\n- `allow-delete-channel`\n- `allow-create-channel`\n- `allow-permission-state`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures which\nnotification features are by default exposed.\n\n#### Granted Permissions\n\nIt allows all notification related features.\n\n\n#### This default permission set includes:\n\n- `allow-is-permission-granted`\n- `allow-request-permission`\n- `allow-notify`\n- `allow-register-action-types`\n- `allow-register-listener`\n- `allow-cancel`\n- `allow-get-pending`\n- `allow-remove-active`\n- `allow-get-active`\n- `allow-check-permissions`\n- `allow-show`\n- `allow-batch`\n- `allow-list-channels`\n- `allow-delete-channel`\n- `allow-create-channel`\n- `allow-permission-state`"
+          "const": "iOS"
         }
       ]
     }

plugins/opener/build.rs

@@ -113,7 +113,10 @@ fn main() {
         .global_api_script_path("./api-iife.js")
         .android_path("android")
         .ios_path("ios")
-        .global_scope_schema(schemars::schema_for!(OpenerScopeEntry))
+        .global_scope_schema(
+            schemars::SchemaGenerator::new(schemars::generate::SchemaSettings::draft07())
+                .into_root_schema_for::<OpenerScopeEntry>(),
+        )
         .build();
 
     let target_os = std::env::var("CARGO_CFG_TARGET_OS").unwrap();

plugins/opener/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,90 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "This enables opening `mailto:`, `tel:`, `https://` and `http://` urls using their default application.",
-          "type": "string",
-          "const": "allow-default-urls",
-          "markdownDescription": "This enables opening `mailto:`, `tel:`, `https://` and `http://` urls using their default application."
-        },
-        {
-          "description": "Enables the open_path command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-open-path",
-          "markdownDescription": "Enables the open_path command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the open_path command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-open-path",
-          "markdownDescription": "Denies the open_path command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the open_url command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-open-url",
-          "markdownDescription": "Enables the open_url command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the open_url command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-open-url",
-          "markdownDescription": "Denies the open_url command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the reveal_item_in_dir command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-reveal-item-in-dir",
-          "markdownDescription": "Enables the reveal_item_in_dir command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the reveal_item_in_dir command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-reveal-item-in-dir",
-          "markdownDescription": "Denies the reveal_item_in_dir command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set allows opening `mailto:`, `tel:`, `https://` and `http://` urls using their default application\nas well as reveal file in directories using default file explorer\n#### This default permission set includes:\n\n- `allow-open-url`\n- `allow-reveal-item-in-dir`\n- `allow-default-urls`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set allows opening `mailto:`, `tel:`, `https://` and `http://` urls using their default application\nas well as reveal file in directories using default file explorer\n#### This default permission set includes:\n\n- `allow-open-url`\n- `allow-reveal-item-in-dir`\n- `allow-default-urls`"
+          "const": "iOS"
         }
       ]
     }

plugins/os/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,144 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the arch command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-arch",
-          "markdownDescription": "Enables the arch command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the arch command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-arch",
-          "markdownDescription": "Denies the arch command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the exe_extension command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-exe-extension",
-          "markdownDescription": "Enables the exe_extension command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the exe_extension command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-exe-extension",
-          "markdownDescription": "Denies the exe_extension command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the family command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-family",
-          "markdownDescription": "Enables the family command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the family command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-family",
-          "markdownDescription": "Denies the family command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the hostname command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-hostname",
-          "markdownDescription": "Enables the hostname command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the hostname command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-hostname",
-          "markdownDescription": "Denies the hostname command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the locale command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-locale",
-          "markdownDescription": "Enables the locale command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the locale command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-locale",
-          "markdownDescription": "Denies the locale command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the os_type command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-os-type",
-          "markdownDescription": "Enables the os_type command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the os_type command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-os-type",
-          "markdownDescription": "Denies the os_type command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the platform command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-platform",
-          "markdownDescription": "Enables the platform command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the platform command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-platform",
-          "markdownDescription": "Denies the platform command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the version command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-version",
-          "markdownDescription": "Enables the version command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the version command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-version",
-          "markdownDescription": "Denies the version command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`"
+          "const": "iOS"
         }
       ]
     }

plugins/positioner/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,84 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the move_window command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-move-window",
-          "markdownDescription": "Enables the move_window command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the move_window command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-move-window",
-          "markdownDescription": "Denies the move_window command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the move_window_constrained command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-move-window-constrained",
-          "markdownDescription": "Enables the move_window_constrained command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the move_window_constrained command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-move-window-constrained",
-          "markdownDescription": "Denies the move_window_constrained command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the set_tray_icon_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-set-tray-icon-state",
-          "markdownDescription": "Enables the set_tray_icon_state command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the set_tray_icon_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-set-tray-icon-state",
-          "markdownDescription": "Denies the set_tray_icon_state command without any pre-configured scope."
-        },
-        {
-          "description": "Allows the moveWindow and handleIconState APIs\n#### This default permission set includes:\n\n- `allow-move-window`\n- `allow-move-window-constrained`\n- `allow-set-tray-icon-state`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "Allows the moveWindow and handleIconState APIs\n#### This default permission set includes:\n\n- `allow-move-window`\n- `allow-move-window-constrained`\n- `allow-set-tray-icon-state`"
+          "const": "iOS"
         }
       ]
     }

plugins/process/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,72 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the exit command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-exit",
-          "markdownDescription": "Enables the exit command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the exit command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-exit",
-          "markdownDescription": "Denies the exit command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the restart command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-restart",
-          "markdownDescription": "Enables the restart command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the restart command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-restart",
-          "markdownDescription": "Denies the restart command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures which\nprocess features are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n\n#### This default permission set includes:\n\n- `allow-exit`\n- `allow-restart`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures which\nprocess features are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n\n#### This default permission set includes:\n\n- `allow-exit`\n- `allow-restart`"
+          "const": "iOS"
         }
       ]
     }

plugins/shell/build.rs

@@ -168,7 +168,10 @@ const COMMANDS: &[&str] = &["execute", "spawn", "stdin_write", "kill", "open"];
 fn main() {
     tauri_plugin::Builder::new(COMMANDS)
         .global_api_script_path("./api-iife.js")
-        .global_scope_schema(schemars::schema_for!(ShellScopeEntry))
+        .global_scope_schema(
+            schemars::SchemaGenerator::new(schemars::generate::SchemaSettings::draft07())
+                .into_root_schema_for::<ShellScopeEntry>(),
+        )
         .android_path("android")
         .ios_path("ios")
         .build();

plugins/shell/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,108 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the execute command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-execute",
-          "markdownDescription": "Enables the execute command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the execute command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-execute",
-          "markdownDescription": "Denies the execute command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the kill command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-kill",
-          "markdownDescription": "Enables the kill command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the kill command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-kill",
-          "markdownDescription": "Denies the kill command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the open command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-open",
-          "markdownDescription": "Enables the open command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the open command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-open",
-          "markdownDescription": "Denies the open command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the spawn command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-spawn",
-          "markdownDescription": "Enables the spawn command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the spawn command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-spawn",
-          "markdownDescription": "Denies the spawn command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the stdin_write command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-stdin-write",
-          "markdownDescription": "Enables the stdin_write command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the stdin_write command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-stdin-write",
-          "markdownDescription": "Denies the stdin_write command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality with a reasonable\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n\n#### This default permission set includes:\n\n- `allow-open`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality with a reasonable\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n\n#### This default permission set includes:\n\n- `allow-open`"
+          "const": "iOS"
         }
       ]
     }

plugins/single-instance/examples/vanilla/package.json

@@ -9,6 +9,6 @@
   "author": "",
   "license": "MIT",
   "devDependencies": {
-    "@tauri-apps/cli": "2.10.0"
+    "@tauri-apps/cli": "2.10.1"
   }
 }

plugins/sql/Cargo.toml

@@ -29,7 +29,8 @@ tauri = { workspace = true }
 log = { workspace = true }
 thiserror = { workspace = true }
 futures-core = "0.3"
-sqlx = { version = "0.8", features = ["json", "time", "uuid"] }
+sqlx = { version = "0.8", features = ["json", "time", "uuid", "rust_decimal"] }
+rust_decimal = "1"
 time = "0.3"
 tokio = { version = "1", features = ["sync"] }
 indexmap = { version = "2", features = ["serde"] }

plugins/sql/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,96 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the close command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-close",
-          "markdownDescription": "Enables the close command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the close command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-close",
-          "markdownDescription": "Denies the close command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the execute command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-execute",
-          "markdownDescription": "Enables the execute command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the execute command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-execute",
-          "markdownDescription": "Denies the execute command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the load command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-load",
-          "markdownDescription": "Enables the load command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the load command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-load",
-          "markdownDescription": "Denies the load command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the select command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-select",
-          "markdownDescription": "Enables the select command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the select command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-select",
-          "markdownDescription": "Denies the select command without any pre-configured scope."
-        },
-        {
-          "description": "### Default Permissions\n\nThis permission set configures what kind of\ndatabase operations are available from the sql plugin.\n\n### Granted Permissions\n\nAll reading related operations are enabled.\nAlso allows to load or close a connection.\n\n\n#### This default permission set includes:\n\n- `allow-close`\n- `allow-load`\n- `allow-select`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "### Default Permissions\n\nThis permission set configures what kind of\ndatabase operations are available from the sql plugin.\n\n### Granted Permissions\n\nAll reading related operations are enabled.\nAlso allows to load or close a connection.\n\n\n#### This default permission set includes:\n\n- `allow-close`\n- `allow-load`\n- `allow-select`"
+          "const": "iOS"
         }
       ]
     }

plugins/sql/src/decode/postgres.rs

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT
 
+use rust_decimal::prelude::ToPrimitive;
 use serde_json::Value as JsonValue;
 use sqlx::{postgres::PgValueRef, TypeInfo, Value, ValueRef};
 use time::{Date, OffsetDateTime, PrimitiveDateTime, Time};
@@ -107,8 +108,28 @@ pub(crate) fn to_json(v: PgValueRef) -> Result<JsonValue, Error> {
                 JsonValue::Null
             }
         }
+        "NUMERIC" => {
+            if let Ok(v) = ValueRef::to_owned(&v).try_decode::<rust_decimal::Decimal>() {
+                if let Some(n) = v.to_f64().and_then(serde_json::Number::from_f64) {
+                    JsonValue::Number(n)
+                } else {
+                    JsonValue::String(v.to_string())
+                }
+            } else {
+                JsonValue::Null
+            }
+        }
         "VOID" => JsonValue::Null,
-        _ => return Err(Error::UnsupportedDatatype(v.type_info().name().to_string())),
+        // Handle custom types (enums, domains, etc.) by trying to decode as string
+        _ => {
+            let type_name = v.type_info().name().to_string();
+            if let Ok(v) = ValueRef::to_owned(&v).try_decode_unchecked::<String>() {
+                log::warn!("unsupported type {type_name} decoded as string");
+                JsonValue::String(v)
+            } else {
+                return Err(Error::UnsupportedDatatype(v.type_info().name().to_string()));
+            }
+        }
     };
 
     Ok(res)

plugins/store/examples/AppSettingsManager/package.json

@@ -8,7 +8,7 @@
     "tauri": "tauri"
   },
   "devDependencies": {
-    "@tauri-apps/cli": "2.10.0",
+    "@tauri-apps/cli": "2.10.1",
     "typescript": "^5.7.3",
     "vite": "^7.3.1"
   }

plugins/store/examples/AppSettingsManager/src-tauri/src/app/settings.rs

@@ -10,10 +10,8 @@ pub struct AppSettings {
     pub theme: String,
 }
 
-impl AppSettings {
-    pub fn load_from_store<R: tauri::Runtime>(
-        store: &Store<R>,
-    ) -> Result<Self, Box<dyn std::error::Error>> {
+impl<R: tauri::Runtime> From<&Store<R>> for AppSettings {
+    fn from(store: &Store<R>) -> Self {
         let launch_at_login = store
             .get("appSettings.launchAtLogin")
             .and_then(|v| v.as_bool())
@@ -24,9 +22,9 @@ impl AppSettings {
             .and_then(|v| v.as_str().map(String::from))
             .unwrap_or_else(|| "dark".to_owned());
 
-        Ok(AppSettings {
+        AppSettings {
             launch_at_login,
             theme,
-        })
+        }
     }
 }

plugins/store/examples/AppSettingsManager/src-tauri/src/main.rs

@@ -18,28 +18,22 @@ fn main() {
         .setup(|app| {
             // Init store and load it from disk
             let store = app.store("settings.json")?;
+
             app.listen("store://change", |event| {
                 dbg!(event);
             });
-            let app_settings = AppSettings::load_from_store(&store);
-            match app_settings {
-                Ok(app_settings) => {
-                    let theme = app_settings.theme;
-                    let launch_at_login = app_settings.launch_at_login;
 
-                    println!("theme {theme}");
-                    println!("launch_at_login {launch_at_login}");
-                    store.set(
-                        "appSettings",
-                        json!({ "theme": theme, "launchAtLogin": launch_at_login }),
-                    );
-                }
-                Err(err) => {
-                    eprintln!("Error loading settings: {err}");
-                    // Handle the error case if needed
-                    return Err(err); // Convert the error to a Box<dyn Error> and return Err(err) here
-                }
-            }
+            let app_settings = AppSettings::from(store.as_ref());
+            let theme = app_settings.theme;
+            let launch_at_login = app_settings.launch_at_login;
+
+            println!("theme {theme}");
+            println!("launch_at_login {launch_at_login}");
+            store.set(
+                "appSettings",
+                json!({ "theme": theme, "launchAtLogin": launch_at_login }),
+            );
+
             Ok(())
         })
         .run(tauri::generate_context!())

plugins/store/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,216 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the clear command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-clear",
-          "markdownDescription": "Enables the clear command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the clear command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-clear",
-          "markdownDescription": "Denies the clear command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the delete command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-delete",
-          "markdownDescription": "Enables the delete command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the delete command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-delete",
-          "markdownDescription": "Denies the delete command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the entries command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-entries",
-          "markdownDescription": "Enables the entries command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the entries command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-entries",
-          "markdownDescription": "Denies the entries command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the get command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-get",
-          "markdownDescription": "Enables the get command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the get command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-get",
-          "markdownDescription": "Denies the get command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the get_store command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-get-store",
-          "markdownDescription": "Enables the get_store command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the get_store command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-get-store",
-          "markdownDescription": "Denies the get_store command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the has command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-has",
-          "markdownDescription": "Enables the has command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the has command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-has",
-          "markdownDescription": "Denies the has command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the keys command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-keys",
-          "markdownDescription": "Enables the keys command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the keys command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-keys",
-          "markdownDescription": "Denies the keys command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the length command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-length",
-          "markdownDescription": "Enables the length command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the length command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-length",
-          "markdownDescription": "Denies the length command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the load command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-load",
-          "markdownDescription": "Enables the load command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the load command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-load",
-          "markdownDescription": "Denies the load command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the reload command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-reload",
-          "markdownDescription": "Enables the reload command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the reload command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-reload",
-          "markdownDescription": "Denies the reload command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the reset command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-reset",
-          "markdownDescription": "Enables the reset command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the reset command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-reset",
-          "markdownDescription": "Denies the reset command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the save command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-save",
-          "markdownDescription": "Enables the save command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the save command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-save",
-          "markdownDescription": "Denies the save command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the set command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-set",
-          "markdownDescription": "Enables the set command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the set command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-set",
-          "markdownDescription": "Denies the set command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the values command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-values",
-          "markdownDescription": "Enables the values command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the values command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-values",
-          "markdownDescription": "Denies the values command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures what kind of\noperations are available from the store plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-load`\n- `allow-get-store`\n- `allow-set`\n- `allow-get`\n- `allow-has`\n- `allow-delete`\n- `allow-clear`\n- `allow-reset`\n- `allow-keys`\n- `allow-values`\n- `allow-entries`\n- `allow-length`\n- `allow-reload`\n- `allow-save`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures what kind of\noperations are available from the store plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-load`\n- `allow-get-store`\n- `allow-set`\n- `allow-get`\n- `allow-has`\n- `allow-delete`\n- `allow-clear`\n- `allow-reset`\n- `allow-keys`\n- `allow-values`\n- `allow-entries`\n- `allow-length`\n- `allow-reload`\n- `allow-save`"
+          "const": "iOS"
         }
       ]
     }

plugins/stronghold/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,180 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the create_client command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-create-client",
-          "markdownDescription": "Enables the create_client command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the create_client command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-create-client",
-          "markdownDescription": "Denies the create_client command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the destroy command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-destroy",
-          "markdownDescription": "Enables the destroy command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the destroy command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-destroy",
-          "markdownDescription": "Denies the destroy command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the execute_procedure command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-execute-procedure",
-          "markdownDescription": "Enables the execute_procedure command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the execute_procedure command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-execute-procedure",
-          "markdownDescription": "Denies the execute_procedure command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the get_store_record command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-get-store-record",
-          "markdownDescription": "Enables the get_store_record command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the get_store_record command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-get-store-record",
-          "markdownDescription": "Denies the get_store_record command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the initialize command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-initialize",
-          "markdownDescription": "Enables the initialize command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the initialize command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-initialize",
-          "markdownDescription": "Denies the initialize command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the load_client command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-load-client",
-          "markdownDescription": "Enables the load_client command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the load_client command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-load-client",
-          "markdownDescription": "Denies the load_client command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the remove_secret command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-remove-secret",
-          "markdownDescription": "Enables the remove_secret command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the remove_secret command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-remove-secret",
-          "markdownDescription": "Denies the remove_secret command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the remove_store_record command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-remove-store-record",
-          "markdownDescription": "Enables the remove_store_record command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the remove_store_record command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-remove-store-record",
-          "markdownDescription": "Denies the remove_store_record command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the save command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-save",
-          "markdownDescription": "Enables the save command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the save command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-save",
-          "markdownDescription": "Denies the save command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the save_secret command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-save-secret",
-          "markdownDescription": "Enables the save_secret command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the save_secret command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-save-secret",
-          "markdownDescription": "Denies the save_secret command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the save_store_record command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-save-store-record",
-          "markdownDescription": "Enables the save_store_record command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the save_store_record command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-save-store-record",
-          "markdownDescription": "Denies the save_store_record command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures what kind of\noperations are available from the stronghold plugin.\n\n#### Granted Permissions\n\nAll non-destructive operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-create-client`\n- `allow-get-store-record`\n- `allow-initialize`\n- `allow-execute-procedure`\n- `allow-load-client`\n- `allow-save-secret`\n- `allow-save-store-record`\n- `allow-save`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures what kind of\noperations are available from the stronghold plugin.\n\n#### Granted Permissions\n\nAll non-destructive operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-create-client`\n- `allow-get-store-record`\n- `allow-initialize`\n- `allow-execute-procedure`\n- `allow-load-client`\n- `allow-save-secret`\n- `allow-save-store-record`\n- `allow-save`"
+          "const": "iOS"
         }
       ]
     }

plugins/updater/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,96 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the check command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-check",
-          "markdownDescription": "Enables the check command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the check command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-check",
-          "markdownDescription": "Denies the check command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the download command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-download",
-          "markdownDescription": "Enables the download command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the download command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-download",
-          "markdownDescription": "Denies the download command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the download_and_install command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-download-and-install",
-          "markdownDescription": "Enables the download_and_install command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the download_and_install command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-download-and-install",
-          "markdownDescription": "Denies the download_and_install command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the install command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-install",
-          "markdownDescription": "Enables the install command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the install command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-install",
-          "markdownDescription": "Denies the install command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n\n#### This default permission set includes:\n\n- `allow-check`\n- `allow-download`\n- `allow-install`\n- `allow-download-and-install`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures which kind of\nupdater functions are exposed to the frontend.\n\n#### Granted Permissions\n\nThe full workflow from checking for updates to installing them\nis enabled.\n\n\n#### This default permission set includes:\n\n- `allow-check`\n- `allow-download`\n- `allow-install`\n- `allow-download-and-install`"
+          "const": "iOS"
         }
       ]
     }

plugins/updater/src/updater.rs

@@ -949,7 +949,7 @@ impl Update {
     }
 }
 
-/// Linux (AppImage and Deb)
+/// Linux (AppImage, Deb, RPM)
 #[cfg(any(
     target_os = "linux",
     target_os = "dragonfly",
@@ -962,6 +962,7 @@ impl Update {
     /// ├── [AppName]_[version]_amd64.AppImage.tar.gz    # GZ generated by tauri-bundler
     /// │   └──[AppName]_[version]_amd64.AppImage        # Application AppImage
     /// ├── [AppName]_[version]_amd64.deb                # Debian package
+    /// ├── [AppName]_[version]_amd64.rpm                # RPM package
     /// └── ...
     ///
     fn install_inner(&self, bytes: &[u8]) -> Result<()> {
@@ -1052,7 +1053,7 @@ impl Update {
             return Err(Error::InvalidUpdaterFormat);
         }
 
-        self.try_tmp_locations(bytes, "dpkg", "-i")
+        self.try_tmp_locations(bytes, "dpkg", "-i", "deb")
     }
 
     fn install_rpm(&self, bytes: &[u8]) -> Result<()> {
@@ -1060,10 +1061,16 @@ impl Update {
         if !infer::archive::is_rpm(bytes) {
             return Err(Error::InvalidUpdaterFormat);
         }
-        self.try_tmp_locations(bytes, "rpm", "-U")
+        self.try_tmp_locations(bytes, "rpm", "-U", "rpm")
     }
 
-    fn try_tmp_locations(&self, bytes: &[u8], install_cmd: &str, install_arg: &str) -> Result<()> {
+    fn try_tmp_locations(
+        &self,
+        bytes: &[u8],
+        install_cmd: &str,
+        install_arg: &str,
+        package_extension: &str,
+    ) -> Result<()> {
         // Try different temp directories
         let tmp_dir_locations = vec![
             Box::new(|| Some(std::env::temp_dir())) as Box<dyn FnOnce() -> Option<PathBuf>>,
@@ -1074,13 +1081,11 @@ impl Update {
         // Try writing to multiple temp locations until one succeeds
         for tmp_dir_location in tmp_dir_locations {
             if let Some(path) = tmp_dir_location() {
-                if let Ok(tmp_dir) = tempfile::Builder::new()
-                    .prefix("tauri_rpm_update")
-                    .tempdir_in(path)
-                {
-                    let pkg_path = tmp_dir.path().join("package.rpm");
+                let prefix = format!("tauri_{package_extension}_update");
+                if let Ok(tmp_dir) = tempfile::Builder::new().prefix(&prefix).tempdir_in(path) {
+                    let pkg_path = tmp_dir.path().join(format!("package.{package_extension}"));
 
-                    // Try writing the .deb file
+                    // Try writing the .deb / .rpm file
                     if std::fs::write(&pkg_path, bytes).is_ok() {
                         // If write succeeds, proceed with installation
                         return self.try_install_with_privileges(
@@ -1112,7 +1117,7 @@ impl Update {
             .status()
         {
             if status.success() {
-                log::debug!("installed deb with pkexec");
+                log::debug!("installed {pkg_path:?} with pkexec");
                 return Ok(());
             }
         }
@@ -1120,7 +1125,7 @@ impl Update {
         // 2. Try zenity or kdialog for a graphical sudo experience
         if let Ok(password) = self.get_password_graphically() {
             if self.install_with_sudo(pkg_path, &password, install_cmd, install_arg)? {
-                log::debug!("installed deb with GUI sudo");
+                log::debug!("installed {pkg_path:?} with GUI sudo");
                 return Ok(());
             }
         }
@@ -1133,7 +1138,7 @@ impl Update {
             .status()?;
 
         if status.success() {
-            log::debug!("installed deb with sudo");
+            log::debug!("installed {pkg_path:?} with sudo");
             Ok(())
         } else {
             Err(Error::PackageInstallFailed)

plugins/updater/tests/updater-migration/v1-app/Cargo.lock

@@ -506,7 +506,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13b588ba4ac1a99f7f2964d24b3d896ddc6bf847ee3855dbd4366f058cfcd331"
 dependencies = [
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -516,7 +516,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edb49164822f3ee45b17acd4a208cfc1251410cf0cad9a833234c9890774dd9f"
 dependencies = [
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -540,7 +540,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "strsim",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -551,17 +551,17 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
 dependencies = [
  "darling_core",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
 name = "deranged"
-version = "0.3.11"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
+checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587"
 dependencies = [
  "powerfmt",
- "serde",
+ "serde_core",
 ]
 
 [[package]]
@@ -574,7 +574,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "rustc_version",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -807,7 +807,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -1732,9 +1732,9 @@ dependencies = [
 
 [[package]]
 name = "num-conv"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
 
 [[package]]
 name = "num-traits"
@@ -1843,7 +1843,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -2028,7 +2028,7 @@ dependencies = [
  "phf_shared 0.11.2",
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -2549,22 +2549,32 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.205"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.205"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -2588,7 +2598,7 @@ checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -2639,7 +2649,7 @@ dependencies = [
  "darling",
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -2819,9 +2829,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.72"
+version = "2.0.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af"
+checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3197,7 +3207,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -3212,30 +3222,30 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.36"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
 dependencies = [
  "deranged",
  "itoa 1.0.11",
  "num-conv",
  "powerfmt",
- "serde",
+ "serde_core",
  "time-core",
  "time-macros",
 ]
 
 [[package]]
 name = "time-core"
-version = "0.1.2"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
 
 [[package]]
 name = "time-macros"
-version = "0.2.18"
+version = "0.2.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
 dependencies = [
  "num-conv",
  "time-core",
@@ -3400,7 +3410,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -3610,7 +3620,7 @@ dependencies = [
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
  "wasm-bindgen-shared",
 ]
 
@@ -3644,7 +3654,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -4214,7 +4224,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.72",
+ "syn 2.0.87",
 ]
 
 [[package]]

plugins/upload/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,72 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the download command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-download",
-          "markdownDescription": "Enables the download command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the download command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-download",
-          "markdownDescription": "Denies the download command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the upload command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-upload",
-          "markdownDescription": "Enables the upload command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the upload command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-upload",
-          "markdownDescription": "Denies the upload command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures what kind of\noperations are available from the upload plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-upload`\n- `allow-download`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures what kind of\noperations are available from the upload plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-upload`\n- `allow-download`"
+          "const": "iOS"
         }
       ]
     }

plugins/websocket/examples/tauri-app/package.json

@@ -9,7 +9,7 @@
     "preview": "vite preview"
   },
   "devDependencies": {
-    "@tauri-apps/cli": "2.10.0",
+    "@tauri-apps/cli": "2.10.1",
     "typescript": "^5.7.3",
     "vite": "^7.3.1"
   },

plugins/websocket/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,72 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the connect command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-connect",
-          "markdownDescription": "Enables the connect command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the connect command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-connect",
-          "markdownDescription": "Denies the connect command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the send command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-send",
-          "markdownDescription": "Enables the send command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the send command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-send",
-          "markdownDescription": "Denies the send command without any pre-configured scope."
-        },
-        {
-          "description": "Allows connecting and sending data to a WebSocket server\n#### This default permission set includes:\n\n- `allow-connect`\n- `allow-send`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "Allows connecting and sending data to a WebSocket server\n#### This default permission set includes:\n\n- `allow-connect`\n- `allow-send`"
+          "const": "iOS"
         }
       ]
     }

plugins/window-state/permissions/schemas/schema.json

@@ -24,20 +24,17 @@
     },
     "permission": {
       "description": "A list of inlined permissions",
-      "default": [],
       "type": "array",
       "items": {
         "$ref": "#/definitions/Permission"
-      }
+      },
+      "default": []
     }
   },
   "definitions": {
     "DefaultPermission": {
       "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
       "type": "object",
-      "required": [
-        "permissions"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -46,10 +43,10 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -62,16 +59,14 @@
             "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "permissions"
+      ]
     },
     "PermissionSet": {
       "description": "A set of direct permissions grouped together under a new name.",
       "type": "object",
-      "required": [
-        "description",
-        "identifier",
-        "permissions"
-      ],
       "properties": {
         "identifier": {
           "description": "A unique identifier for the permission.",
@@ -85,17 +80,19 @@
           "description": "All permissions this set contains.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/PermissionKind"
+            "type": "string"
           }
         }
-      }
+      },
+      "required": [
+        "identifier",
+        "description",
+        "permissions"
+      ]
     },
     "Permission": {
       "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
       "type": "object",
-      "required": [
-        "identifier"
-      ],
       "properties": {
         "version": {
           "description": "The version of the permission.",
@@ -104,14 +101,14 @@
             "null"
           ],
           "format": "uint64",
-          "minimum": 1.0
+          "minimum": 1
         },
         "identifier": {
           "description": "A unique identifier for the permission.",
           "type": "string"
         },
         "description": {
-          "description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
+          "description": "Human-readable description of what the permission does.\nTauri internal convention is to use `<h4>` headings in markdown content\nfor Tauri documentation generation purposes.",
           "type": [
             "string",
             "null"
@@ -147,7 +144,10 @@
             "$ref": "#/definitions/Target"
           }
         }
-      }
+      },
+      "required": [
+        "identifier"
+      ]
     },
     "Commands": {
       "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
@@ -155,24 +155,24 @@
       "properties": {
         "allow": {
           "description": "Allowed command.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         },
         "deny": {
           "description": "Denied command, which takes priority.",
-          "default": [],
           "type": "array",
           "items": {
             "type": "string"
-          }
+          },
+          "default": []
         }
       }
     },
     "Scopes": {
-      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
+      "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command.\nThe configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json\n{\n  \"allow\": [{ \"path\": \"$HOME/**\" }],\n  \"deny\": [{ \"path\": \"$HOME/secret.txt\" }]\n}\n```",
       "type": "object",
       "properties": {
         "allow": {
@@ -257,84 +257,27 @@
         {
           "description": "MacOS.",
           "type": "string",
-          "enum": [
-            "macOS"
-          ]
+          "const": "macOS"
         },
         {
           "description": "Windows.",
           "type": "string",
-          "enum": [
-            "windows"
-          ]
+          "const": "windows"
         },
         {
           "description": "Linux.",
           "type": "string",
-          "enum": [
-            "linux"
-          ]
+          "const": "linux"
         },
         {
           "description": "Android.",
           "type": "string",
-          "enum": [
-            "android"
-          ]
+          "const": "android"
         },
         {
           "description": "iOS.",
           "type": "string",
-          "enum": [
-            "iOS"
-          ]
-        }
-      ]
-    },
-    "PermissionKind": {
-      "type": "string",
-      "oneOf": [
-        {
-          "description": "Enables the filename command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-filename",
-          "markdownDescription": "Enables the filename command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the filename command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-filename",
-          "markdownDescription": "Denies the filename command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the restore_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-restore-state",
-          "markdownDescription": "Enables the restore_state command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the restore_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-restore-state",
-          "markdownDescription": "Denies the restore_state command without any pre-configured scope."
-        },
-        {
-          "description": "Enables the save_window_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "allow-save-window-state",
-          "markdownDescription": "Enables the save_window_state command without any pre-configured scope."
-        },
-        {
-          "description": "Denies the save_window_state command without any pre-configured scope.",
-          "type": "string",
-          "const": "deny-save-window-state",
-          "markdownDescription": "Denies the save_window_state command without any pre-configured scope."
-        },
-        {
-          "description": "This permission set configures what kind of\noperations are available from the window state plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-filename`\n- `allow-restore-state`\n- `allow-save-window-state`",
-          "type": "string",
-          "const": "default",
-          "markdownDescription": "This permission set configures what kind of\noperations are available from the window state plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-filename`\n- `allow-restore-state`\n- `allow-save-window-state`"
+          "const": "iOS"
         }
       ]
     }

renovate.json

@@ -1,6 +1,5 @@
 {
   "extends": ["config:recommended"],
-  "baseBranches": ["v2", "v1"],
   "enabledManagers": ["cargo", "npm"],
   "labels": ["dependencies"],
   "ignorePaths": [