Current state of the transport plugin work. See also: testing, decisions.
• wxFilePickerCtrl confirmed incompatible with URL input — replaced with wxComboBox + Browse button
• pws_os::LoadLibrary confirmed Windows-only — transport loader uses dlopen/LoadLibrary directly
src/os/transport.h — PWSTransport struct, ABI version, PWS_EXPORT macro, all public API declarations
src/os/unix/transport.cpp — lazy loader (Linux + macOS), dlopen/dlsym, plugin cache, FILE* map, scheme validation, cache dir, lockd registry
src/os/windows/transport.cpp — Windows loader: CreateFileMapping identity scan, LoadLibrary/GetProcAddress, memmem polyfill, SHGetFolderPathA cache dir, GetModuleFileNameW app dir
src/os/unix/file.cpp — FileExists (×2), FOpen, FClose, LockFile, UnlockFile intercepts (Linux)
src/os/mac/file.cpp — same intercepts for macOS
src/os/windows/file.cpp — same intercepts for Windows; wstr_to_utf8() helper for stringT→UTF-8
src/os/CMakeLists.txt — transport.cpp added for all three platforms, plugin subdirs wired in
src/os/plugins/file/transport-file.cpp — cross-platform identity string (MSVC/Apple/ELF variants), pws_plugin_init exported via PWS_EXPORT
src/os/plugins/file/CMakeLists.txt — MODULE library, PREFIX "", .dll on Windows via if(WIN32) conditional
src/ui/wxWidgets/DbSelectionPanel.h/.cpp — wxComboBox replaces wxFilePickerCtrl; URL-aware DoValidation(); transport error dialog
src/ui/wxWidgets/OpenUrlDlg.h/.cpp — URL entry dialog with editable combo + history dropdown (File → Open URL…)
src/ui/wxWidgets/MenuFileHandlers.cpp — OnOpenUrlClick, URL history in wxConfig /URLHistory/
Error messages improved: ENOTSUP → "No transport plugin for this URL scheme"; EACCES → netrc hint; other errno → strerror appended
src/os/plugins/webdav/transport-webdav.cpp — libcurl GET/PUT/HEAD/OPTIONS/LOCK/UNLOCK; cross-platform identity string; #ifdef guards for POSIX vs Windows includes; strncasecmp → _strnicmp on MSVC; lock timeout 30s
src/os/plugins/webdav/CMakeLists.txt — pwsafe-https.so/.dll; pwsafe-http.so symlink (Unix) / copy (Windows)
src/os/unix/transport_lockd.cpp — (Linux + macOS) fork/socketpair child process, binary IPC protocol, EOF-triggered cleanup
src/os/windows/transport_lockd.cpp — Windows: no fork; synchronous in-process calls; token map always consistent; static destructor for graceful shutdown
src/test/transport_standalone_test.cpp — standalone infrastructure tests (offline)
src/test/transport_webdav_test.cpp — WebDAV plugin tests (11 sections, 59 assertions); store_clearing_stale_lock() for stale-lock resilience in CI
src/test/transport_lock_lifecycle_test.cpp — lock daemon tests (6 sections, 49 assertions)
src/test/webdav_test_server.py + run_local_webdav_tests.sh — local wsgidav server for offline live tests
Makefile.transport-tests — platform-aware: -bundle/-shared, curl-config/pkg-config, DL_LIB per OS
.github/workflows/transport-tests.yml — CI runs Linux → macOS → Windows sequentially (shared live server, no lock conflicts)
Three rounds: o3, gpt-5.2, self-review. All Critical+High findings fixed. See security_audits.
Binary + plugins at ~/pwsafe/ on both local machine (Ubuntu 24.04) and kelp (Debian 13).
Help files (helpEN.zip etc.) also in ~/pwsafe/ — gethelpdir() checks binary dir first before /usr/share.
macOS: macos-build.sh builds full app + WebDAV plugin, handles codesigning (ad-hoc or team certificate).
• Plugin ABI signature / Ed25519 verification (security audit recommendation — prevents loading tampered plugins)
• Lock refresh: WebDAV LOCK tokens have a 30s server timeout; long editing sessions could expire the lock. Should send a LOCK refresh (re-LOCK with the existing token) periodically. Not currently implemented.
• CI actions/checkout@v4 uses Node.js 20 (deprecated June 2026, removed September 2026). Upgrade to @v5 when available and stable.
• windows-latest runner will redirect to windows-2025-vs2026 by June 2026 — monitor for any build breakage.