Loading...
Loading...
Explains the Tauri process model architecture including the Core process, WebView process, inter-process communication, multiwindow handling, and process isolation security patterns.
npx skill4agent add dchuk/claude-code-tauri-skills understanding-tauri-process-model+------------------------------------------------------------------+
| TAURI APPLICATION |
+------------------------------------------------------------------+
| |
| +-----------------------------+ |
| | CORE PROCESS | |
| | (Rust) | |
| | | |
| | +----------------------+ | |
| | | Window Manager | | |
| | +----------------------+ | |
| | | System Tray | | |
| | +----------------------+ | |
| | | Global State | | |
| | +----------------------+ | |
| | | IPC Router | | |
| | +----------------------+ | |
| | | OS Abstractions | | |
| +-------------+---------------+ |
| | |
| | IPC (Inter-Process Communication) |
| | |
| +----------+----------+----------+ |
| | | | | |
| v v v v |
| +------+ +------+ +------+ +------+ |
| |WebView| |WebView| |WebView| |WebView| |
| | #1 | | #2 | | #3 | | #N | |
| +------+ +------+ +------+ +------+ |
| | HTML | | HTML | | HTML | | HTML | |
| | CSS | | CSS | | CSS | | CSS | |
| | JS | | JS | | JS | | JS | |
| +------+ +------+ +------+ +------+ |
| |
+------------------------------------------------------------------+| Responsibility | Description |
|---|---|
| Window Management | Creates and orchestrates application windows |
| System Integration | Manages system tray menus and notifications |
| IPC Routing | Handles all inter-process communication |
| Global State | Manages application-wide settings and database connections |
| OS Abstractions | Provides cross-platform APIs |
+------------------------------------------+
| CORE PROCESS |
| |
| Memory Safety via Rust Ownership: |
| - No null pointers |
| - No buffer overflows |
| - No data races |
| - No use-after-free |
| |
| Full OS Access: |
| - File system |
| - Network |
| - System APIs |
| - Hardware interfaces |
+------------------------------------------++------------------+------------------+------------------+
| WINDOWS | MACOS | LINUX |
+------------------+------------------+------------------+
| | | |
| Microsoft Edge | WKWebView | webkitgtk |
| WebView2 | | |
| | | |
| Chromium-based | Safari engine | WebKit engine |
| | | |
+------------------+------------------+------------------+
| | |
+------------------+------------------+
|
Dynamic Linking
(Not bundled)
|
Smaller executables+----------------+ +----------------+
| WebView A | | WebView B |
| | | |
| invoke() ----+---->+----------------+<------+---- invoke() |
| | | CORE PROCESS | | |
| <---- listen |<----+ +------>| listen ----> |
| | | - Validates | | |
+----------------+ | - Routes | +----------------+
| - Filters |
| - Transforms |
+----------------+
|
v
+----------------+
| OS / System |
| Resources |
+----------------+invoke()import { invoke } from '@tauri-apps/api/core';
// Call a Rust command
const result = await invoke('greet', { name: 'World' });#[tauri::command]
fn greet(name: &str) -> String {
format!("Hello, {}!", name)
} +-------------------+
| CORE PROCESS |
| |
| Shared State: |
| - User session |
| - App config |
| - DB connection |
+-------------------+
/|\
/ | \
/ | \
/ | \
/ | \
v v v
+------+ +------+ +------+
|Main | |Settings| |About|
|Window| |Window | |Window|
+------+ +------+ +------+use tauri::Manager;
#[tauri::command]
fn open_settings(app: tauri::AppHandle) {
tauri::WebviewWindowBuilder::new(
&app,
"settings",
tauri::WebviewUrl::App("settings.html".into())
)
.title("Settings")
.build()
.unwrap();
}use tauri::Manager;
#[tauri::command]
fn broadcast_update(app: tauri::AppHandle, data: String) {
// Emit to all windows
app.emit("data-updated", data).unwrap();
}use tauri::Manager;
#[tauri::command]
fn notify_window(app: tauri::AppHandle, window_label: String, data: String) {
if let Some(window) = app.get_webview_window(&window_label) {
window.emit("notification", data).unwrap();
}
}"If you have a gardener coming over to trim your hedge, you give them the key to your garden. You would not give them the keys to your house."
+------------------------------------------------------------------+
| SECURITY BOUNDARIES |
+------------------------------------------------------------------+
| |
| +---------------------------+ +---------------------------+ |
| | CORE PROCESS | | WEBVIEW PROCESS | |
| | (Trusted Zone) | | (Untrusted Zone) | |
| +---------------------------+ +---------------------------+ |
| | | | | |
| | - File system access | | - Render UI only | |
| | - Database connections | | - User input handling | |
| | - Network requests | | - Display data | |
| | - Crypto operations | | - Call allowed commands | |
| | - Secrets management | | | |
| | - Business logic | | NO DIRECT ACCESS TO: | |
| | | | - File system | |
| | | | - Network (direct) | |
| | | | - System APIs | |
| +---------------------------+ +---------------------------+ |
| |
+------------------------------------------------------------------+| Benefit | Description |
|---|---|
| Crash Containment | Failures in one process don't crash the entire app |
| State Recovery | Invalid processes can be restarted independently |
| Attack Surface Reduction | Compromised WebView has limited capabilities |
| Resource Protection | Sensitive data stays in Core process |
+------------------+ +------------------+ +------------------+
| Main Window | | Settings Window | | Viewer Window |
+------------------+ +------------------+ +------------------+
| Capabilities: | | Capabilities: | | Capabilities: |
| - read_file | | - read_config | | - read_file |
| - write_file | | - write_config | | (read only) |
| - network | | | | |
| - notifications | | | | |
+------------------+ +------------------+ +------------------+{
"identifier": "main-capability",
"description": "Capability for the main window",
"windows": ["main"],
"permissions": [
"core:default",
"fs:read-files",
"fs:write-files",
"http:default"
]
}+------------------------------------------------------------------+
| APPLICATION LIFECYCLE |
+------------------------------------------------------------------+
| |
| 1. App Launch |
| +------------------+ |
| | Core Process | <-- Starts first |
| | Initializes | |
| +------------------+ |
| | |
| v |
| 2. Window Creation |
| +------------------+ |
| | WebView Process | <-- Core creates WebViews |
| | Spawned | |
| +------------------+ |
| | |
| v |
| 3. Running |
| +--------+ IPC +----------+ |
| | Core |<--------->| WebViews | |
| +--------+ +----------+ |
| | |
| v |
| 4. Shutdown |
| +------------------+ |
| | WebViews close | <-- WebViews terminate first |
| | Core cleans up | <-- Core process exits last |
| +------------------+ |
| |
+------------------------------------------------------------------+| Aspect | Core Process | WebView Process |
|---|---|---|
| Language | Rust | JavaScript/TypeScript |
| Quantity | One per app | One or more per app |
| OS Access | Full | None (via IPC only) |
| Role | Backend, orchestration | UI rendering |
| Security | Trusted | Untrusted |
| Crash Impact | App terminates | Window closes |