Deployment
What you’ll learn
Section titled “What you’ll learn”- How to perform a silent (unattended) installation
- How to configure the client via group policy or MDM
- Which settings can be locked by administrators
- How locked settings appear to end users
Silent installation
Section titled “Silent installation”The finwave desktop client supports fully unattended installation for large-scale deployments. Use the install command with the --silent flag to suppress all UI prompts:
finwave-desktop install \ --api-url https://api.yourorg.finwave.io \ --data-dir ~/.finwave \ --autostart \ --silentInstall parameters
Section titled “Install parameters”| Flag | Required | Description |
|---|---|---|
--api-url | Yes | The finwave API endpoint the client connects to |
--data-dir | No | Override the default application data directory (default: ~/.finwave/) |
--autostart | No | Register the client to start automatically at system login |
--silent | No | Suppress all installation dialogs and prompts |
Group policy and MDM
Section titled “Group policy and MDM”After installation, you can centrally manage client settings through your organization’s policy framework. The client reads managed settings from platform-specific locations:
| Platform | Policy source |
|---|---|
| Windows | Registry keys under HKLM\SOFTWARE\Policies\finwave\Desktop |
| macOS | Managed preferences via MDM profile (domain: io.finwave.desktop) |
| Linux | JSON policy file at /etc/finwave/policy.json |
Policy file format (Linux)
Section titled “Policy file format (Linux)”{ "api_url": { "value": "https://api.yourorg.finwave.io", "locked": true }, "autostart": { "value": true, "locked": true }, "auto_confirm": { "value": false, "locked": true }, "bandwidth_limit_mbps": { "value": 50, "locked": false }}Each setting has a value and a locked flag. When locked is true, the user cannot change the setting in the UI.
Lockable settings
Section titled “Lockable settings”The following settings can be centrally managed and optionally locked:
| Setting | Type | Description |
|---|---|---|
api_url | string | The finwave API server URL |
autostart | boolean | Whether the client starts at system login |
auto_confirm | boolean | Whether staged encounters upload without user confirmation |
data_dir | string | The application data directory path |
bandwidth_limit_mbps | number | null | Upload bandwidth cap in Mbps |
allowed_directory_roots | string[] | Restrict which directories users can add as watched directories. If set, users can only select subdirectories of these roots. |
Managed vs. locked
Section titled “Managed vs. locked”There is a distinction between managed and locked settings:
- Managed — The organization provides a default value. The user can still change it.
- Locked — The organization provides a value and prevents the user from changing it.
Set locked: true only for settings that must be enforced (such as the API URL or directory restrictions). Leave other settings managed-but-unlocked to give users flexibility while establishing sensible defaults.
How locked settings appear
Section titled “How locked settings appear”When a setting is locked, the corresponding control in the settings UI is disabled and displays a label: “Managed by your organization.” The user can see the current value but cannot modify it.
Verifying deployment
Section titled “Verifying deployment”After deploying the client, you can verify the configuration on any machine by:
- Opening the desktop client and navigating to Settings > IT Dashboard.
- Checking the permissions summary to confirm the expected Tauri capabilities.
- Reviewing the configuration section to confirm managed and locked settings are applied.
- Checking the audit log for the initial
configentries written at first launch.
Related
Section titled “Related”- Security Model — Tauri permissions, filesystem scope, and sandboxing
- Audit Log — Reviewing client activity and exporting logs
- Network Requirements — Allowed domains and firewall rules
- Sync Configuration — All sync settings that can be managed via policy
- For IT Teams — Quick-start guide for IT administrators