# tauri-plugin-hdiff-update
Tauri 2 plugin for signed and transactional installed-file updates.
The default permission exposes only:
- `prepare_file_update`
- `launch_file_update`
- `prepare_full_update`
- `launch_full_update`
Preparation verifies the installed source tree, downloads and verifies a
directory patch, applies it to staging, and verifies every target file. Launch
starts a non-elevated supervisor; after the application exits it invokes the
same signed application binary as a constrained elevated worker. The worker
commits managed paths with a journal and rollback backup.
Both directory patches and the official Tauri full installer are prepared in
an application-owned disk cache. A verified prepared update is reused instead
of downloaded again. When the application starts with a pending update, the
bootstrap applies it before the normal UI starts. Full installers are resolved
from the official Tauri update manifest and verified with the compiled Minisign
public key before they become launchable.
The consuming application must call `maybe_run_file_update_helper` before Tauri
startup, pass the same compile-time configuration to `init(config)`, and call
`confirm_file_update_startup` after setup succeeds. The trusted public-key ring,
application id, current version, updater public key, main executable, managed
paths, and bundled `hpatchz` path never come from frontend arguments.
See the repository README and commercial directory update specification for the
complete integration contract.