LinkedIn Draft — Conclusion: AI as Builder and Auditor

This project ended up being less about WebDAV and more about collaboration.

Claude Code was there at the beginning, helping design the plugin ABI, thinking through how to intercept pws_os::FOpen and FClose without touching the core, and wrestling with the lock daemon when it became clear that signals, fork, and libcurl do not naturally coexist. It was patient, systematic, and tireless. It never got bored of refactoring a function for the third time. It happily reasoned through edge cases at 11pm.

But the same AI that helped build the system was not the one I trusted to judge it. For that, I deliberately brought in other models through my ask tool and asked them to behave like hostile reviewers. They did not know the design history. They did not care how elegant the architecture felt. They simply read the code and asked: where could this break? Where could this be exploited?

That separation turned out to be powerful. Claude helped construct the house. OpenAI's models tried to set fire to it. The fact that they found four Critical issues on the first pass was humbling. It was also reassuring. The problems were real. They were fixable. And they were found before release.

What surprised me most was not that the models found bugs. It was the pattern of what they missed. Both external audits overlooked the SOCK_CLOEXEC file descriptor inheritance issue, a classic Unix footgun. That was caught only in a deliberate, human self-review step. The lesson was clear: AI is an amplifier, not a substitute. It broadens coverage, but it does not eliminate the need for judgement.

In the end, the workflow that emerged felt balanced: AI to design and implement, AI to audit from a fresh perspective, and a human developer responsible for understanding the system deeply enough to question both.

The result is a version of pwsafe that can open a remote database with a single URL, hold a WebDAV lock safely across crashes, and pass multiple independent security reviews. But more interesting to me than the feature itself is the process that produced it.

Working with AI on a mature C++ codebase was not magic. It was iterative, occasionally frustrating, and required constant verification. But it was also genuinely productive. The models accelerated exploration, forced clarity in design decisions, and acted as relentless reviewers.

If there is a broader takeaway, it is this: AI works best in software engineering not as an oracle, but as a collaborator and a critic. Used that way, it can raise the quality bar. Used carelessly, it can just as easily lower it.

This project convinced me that the most interesting role for AI in serious systems work is not replacing developers, but surrounding them: helping build, helping challenge, and helping surface the uncomfortable questions before users ever see the code.