--- name: Tauri config type: architecture-map-page slice: 02-tauri-runtime last_verified: 2026/05/09 --- # Tauri config > **Where you are:** [Architecture map](../README.md) → [Tauri runtime](README.md) → Tauri config **Plain English summary.** The base `tauri.conf.json` declares the bundle identity, the main window size and chrome, the Content Security Policy, and the icons. The Linux overlay flips the main window from frameless to native-decorations, because Tauri's frameless path on Wayland does not honour diagonal resize reliably and webkit2gtk's drag-region adds latency. ## At a glance - Paths: `src-tauri/tauri.conf.json` (43 LOC), `src-tauri/tauri.linux.conf.json` (17 LOC). - Identifier: `uk.co.corbel.lumotia`. - Tauri version targeted: schema `https://schema.tauri.app/config/2`. - Main window labels: `main` (defined here), plus `tasks-float`, `transcript-viewer`, `transcription-preview` (built imperatively from `commands::windows`). - Frontend: `npm run dev:frontend` for dev (port 1420), `npm run build` produces `../build` for release. - Tauri commands exposed: none (config files only). - Events emitted: none. - Depends on: nothing at runtime; consumed by `tauri-build` in `build.rs` and by `build.rs::assert_loopback_llm_csp` (build-time CSP regression guard). - Called from frontend at: the dev URL is what `vite` ships to during `cargo tauri dev`. ## What's in here ### `tauri.conf.json` ``` productName: "Lumotia" version: "0.1.0" identifier: "uk.co.corbel.lumotia" ``` #### `build` ``` beforeDevCommand: "npm run dev:frontend" devUrl: "http://localhost:1420" beforeBuildCommand: "npm run build" frontendDist: "../build" ``` #### `app.windows[0]` The main window. Title `"Lumotia"`, 1020×720 (min 960×600), centred, resizable, **frameless** (`decorations: false`). The Linux overlay flips this to `decorations: true`. #### `app.security.csp` ``` default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' asset: https://asset.localhost; connect-src ipc: http://ipc.localhost asset: https://asset.localhost http://127.0.0.1:* ws://127.0.0.1:*; media-src 'self' asset: https://asset.localhost ``` The two `http://127.0.0.1:*` and `ws://127.0.0.1:*` entries are pinned by the build-time guard in `src-tauri/build.rs:30`. They must stay (so the bundled llama.cpp server / a BYO Ollama install can be `fetch()`-ed from the webview), and `localhost:*` must stay forbidden (so endpoints normalise to a single name and are never bypassed by the resolver). See [Tests](tests.md) for the runtime assertion. `'unsafe-inline'` is permitted for `style-src` because Svelte injects component-scoped styles; without it, every `