The Tauri Sandbox Permissions That Blocked Me for Two Days


All tests run on an 8-year-old MacBook Air.

My Swift CLI binary worked perfectly from the terminal.

Inside Tauri, it silently failed. No error. No output. Nothing.

Two days later I found the problem: sandbox permissions.


What Tauri's sandbox blocks by default

Tauri apps run in a macOS sandbox. Out of the box, your app cannot:

  • Execute external binaries
  • Access files outside a small set of allowed paths
  • Open network sockets (unless explicitly allowed)
  • Write to arbitrary disk locations

All of these fail silently unless you know to look.


The fix: capabilities config

In Tauri v2, permissions live in src-tauri/capabilities/:

{
  "identifier": "main-capability",
  "description": "Main window permissions",
  "windows": ["main"],
  "permissions": [
    "shell:allow-execute",
    "shell:allow-stdin",
    "fs:allow-read-files",
    "fs:allow-write-files",
    "fs:allow-app-cache-write"
  ]
}

shell:allow-execute is what unlocks external binary execution. Without it, Command::new() returns nothing — no error, just silence.


The silent failure problem

The worst part isn't that it fails. It's that it fails quietly.

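// Assumes std::process::Command; the post does not show its imports.
use std::process::Command;

fn run_binary() -> std::io::Result<()> {
    // This returns Ok(output) even when sandbox blocks it
    // output.stdout is just empty
    let output = Command::new("my-binary").output()?;

    // You need to check stderr AND status code
    if !output.status.success() {
        eprintln!("stderr: {}", String::from_utf8_lossy(&output.stderr));
    }
    Ok(())
}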

Always check output.status.success() and output.stderr. The sandbox doesn't propagate errors the way you'd expect.
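
One way to make that check hard to forget, as an added example that is not part of the original post: a wrapper around std::process::Command that returns an error for a spawn failure, a non-zero exit, or a successful exit with empty stdout. The names run_checked and RunError are hypothetical, and sh with constructed scripts stands in for the real binary.

```rust
use std::fmt;
use std::process::Command;

/// Why a child process did not produce usable output.
#[derive(Debug)]
pub enum RunError {
    /// The process could not be started at all (missing binary, exec denied).
    Spawn(std::io::Error),
    /// The process ran but exited non-zero or was killed by a signal.
    Failed { code: Option<i32>, stderr: String },
    /// Exit status was success but stdout was empty, the symptom described above.
    EmptyOutput { stderr: String },
}

impl fmt::Display for RunError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            RunError::Spawn(e) => write!(f, "spawn failed: {}", e),
            RunError::Failed { code, stderr } => write!(f, "exit {:?}: {}", code, stderr),
            RunError::EmptyOutput { stderr } => write!(f, "empty stdout; stderr: {}", stderr),
        }
    }
}

/// Run `program` with `args`; return stdout only when the run is demonstrably good.
pub fn run_checked(program: &str, args: &[&str]) -> Result<String, RunError> {
    let output = Command::new(program).args(args).output().map_err(RunError::Spawn)?;
    let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
    if !output.status.success() {
        return Err(RunError::Failed { code: output.status.code(), stderr });
    }
    let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
    if stdout.is_empty() {
        return Err(RunError::EmptyOutput { stderr });
    }
    Ok(stdout)
}

fn main() {
    // Constructed sample commands; `sh` stands in for the real helper binary.
    for script in ["echo ok", "echo denied >&2; exit 3", "true"] {
        match run_checked("sh", &["-c", script]) {
            Ok(out) => println!("{:?} -> {}", script, out),
            Err(e) => eprintln!("{:?} -> {}", script, e),
        }
    }
}
```

Treating empty stdout as an error only fits binaries that always print something on success; drop that branch for tools that are legitimately quiet.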


Lesson

Read the Tauri v2 capabilities docs before you write a single line of shell integration code. I didn't. It cost me two days.


Hiyoko PDF Vault → https://hiyokoko.gumroad.com/l/HiyokoPDFVault
X → @hiyoyok

Source: dev.to
