Tauri Sandbox Permissions — Why Your Command Silently Does Nothing

hiyoyo Posted on May 30 Tauri Sandbox Permissions — Why Your Command Silently Does Nothing # tauri # rust # webdev # programming All tests run on an 8-year-old MacBook Air. All results from shipping 7 Mac apps as a solo developer. No sponsored opinion. The most common Tauri v2 frustration: you write a command, invoke it from the frontend, and nothing happens. No error. No crash. Just silence. It's almost always permissions. How Tauri v2 permissions work Tauri v2 introduced a capability system. Every plugin action — reading files, executing shell commands, sending notifications — requires an explicit permission declaration in your config. Without the permission, the plugin call fails silently on the frontend. The Rust code never runs. // src-tauri/capabilities/main.json { "identifier" : "main-capability" , "description" : "Permissions for main window" , "windows" : [ "main" ], "permissions" : [ "core:default" , "fs:read-all" , "fs:write-all" , "shell:allow-execute" , "opener:allow-open" , "global-shortcut:allow-register" , "global-shortcut:allow-unregister" ] } Enter fullscreen mode Exit fullscreen mode Note: As of Tauri v2.1, shell:allow-open is deprecated. Use tauri-plugin-opener and opener:allow-open instead. The debugging flow When a command does nothing: Open DevTools ( Cmd+Option+I in dev mode) — check the console for a rejected Promise or permission error Check your terminal output — the Rust side logs errors directly in the tauri dev terminal; look for lines like [tauri] permission denied or not allowed Enable verbose logging — set RUST_LOG=tauri=debug before running tauri dev for more detailed backend output Check your capabilities file — missing or misspelled permission identifiers are the #1 cause Permission errors in the console typically look like a rejected Promise with a message such as plugin:shell|execute not allowed . The capabilities file is always the first thing to check. Common permissions you'll need "permissions" : [ "core:default" , "fs:read-