
o175 | 20 days ago

The supply chain concern is fair but it's worth noting Electron ships an entire Chromium — that's a way bigger CVE surface than Tauri's dependency tree. Not saying Tauri is automatically safer, just that it's not a clean win either way.

The architecture here is the important part though. Keeping all the crypto in the Rust backend and treating the webview as an untrusted render layer is exactly right. Even if someone slips something into a frontend dependency, they can't get at plaintext because the decryption never happens in JS. Tauri v2's new ACL permission model helps too — you can lock down which commands the webview is even allowed to call.

If you want to make the supply chain story more concrete, `cargo-vet` would be a nice addition. It's Mozilla's tool for auditing crate dependencies and would directly answer the "how do I trust all this Rust code" question.
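As an added illustration of the Tauri v2 ACL point above (not from the comment or any particular project), this is a capability file for the main window that allows exactly one backend command besides the core defaults. It assumes the app's Rust side exposes a `decrypt_note` command and that its `build.rs` lists that command in `tauri_build::AppManifest::new().commands(...)`, so that `tauri-build` generates the `allow-decrypt-note` / `deny-decrypt-note` permission pair; the identifier and description strings are made up for the example.

```json
{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "main-window-minimal",
  "description": "Main window may ask the Rust backend to decrypt a single note by id. It is granted no shell, filesystem or clipboard permissions, and no command that could hand the key material to JS.",
  "windows": ["main"],
  "permissions": [
    "core:default",
    "allow-decrypt-note"
  ]
}
```

With this file in `src-tauri/capabilities/`, an `invoke()` from a compromised frontend dependency for any command not listed here (or for a plugin command such as `shell:allow-execute` that was never granted) is rejected by Tauri before it reaches Rust, which is the enforcement the comment is describing.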
