webdav
Web-native agents serve the folder outward — content
the world reads. WebDAV mounts the same folder inward, as a
file workspace only you touch. Each group folder is
exposed at https://<host>/dav/<group>/, so you
can mount it from Finder, sync it with rclone, or edit a
file in any editor — and because the folder is the ant, the next
agent turn simply picks up your changes. No deploy, no reload.
Step-by-step setup: how-to / webdav.
what davd does
The davd daemon is a thin wrapper around
sigoden/dufs — one Rust binary that serves a directory
over WebDAV. It mounts <data-dir>/groups/ at
/data inside its container and exposes it on
:8080. That’s the whole daemon.
davd has no idea who you are. Authentication and per-group scoping
happen one hop earlier, in proxyd.
why it matters
The same folder you see over WebDAV is the folder the agent reads
each turn. Edit CLAUDE.md from your laptop, save, send
the agent a message — the new runbook is already in effect. No
deploy, no restart. Drop a CSV in facts/, the agent finds
it on the next recall.
show me
# list a group's files with curl + PROPFIND
curl -X PROPFIND https://<host>/dav/<group>/ \
-H 'Depth: 1' \
-H "Authorization: Bearer $TOKEN"
# mount it as a real filesystem
rclone mount mygroup:/dav/<group>/ ~/mnt/<group> --vfs-cache-mode writes
# now edit a file like any other
vim ~/mnt/<group>/CLAUDE.md
Get $TOKEN from /dash/profile. Browsers can
sign in at /auth/login and use the JWT cookie instead.
auth: proxyd in front
Every /dav/<group>/... request hits
proxyd first. proxyd verifies the JWT (cookie or Bearer
token), reads the user’s groups claim, and checks the
<group> in the URL against that claim. No match,
no upstream — 403 before davd sees the request.
Operators with the ** grant reach any folder.
the write-block guard
Even with a valid grant, proxyd refuses writes to a few paths inside the group folder. Reads still pass through — the operator can always inspect.
- Secrets-ish files — .env, *.pem, anything under .git/. PUT, DELETE, MOVE, MKCOL, PROPPATCH all return 403.
- <group>/logs/ is read-only. GET and PROPFIND pass; anything that writes returns 403. The agent can’t scribble over its own logs, and you can’t accidentally delete them either.
- Cross-group writes are impossible — the path check in proxyd is per-group, so a request to /dav/other-group/ is judged against other-group and only succeeds if your grant covers it.
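The group check and write-block guard described above, written out as an added Python sketch (not proxyd's own code). Its assumptions: the read-only method set, matching .env / *.pem / .git at any depth, path normalization before the check, judging a MOVE/COPY Destination header as a write, and 200 standing for "forward to davd".

```python
# Added sketch of the decision described above; not the project's code.
import posixpath
from urllib.parse import unquote, urlsplit

READ_METHODS = {"GET", "HEAD", "OPTIONS", "PROPFIND"}  # assumption: all else writes


def split_dav_path(raw):
    """Return (group, segments inside the group), or None if not under /dav/."""
    # Decode and collapse ../ first, so the check sees the path that will be served.
    path = posixpath.normpath(unquote(urlsplit(raw).path))
    parts = [p for p in path.split("/") if p]
    if len(parts) < 2 or parts[0] != "dav":
        return None
    return parts[1], parts[2:]


def is_protected(segments):
    """Write-blocked paths: .env, *.pem, anything under .git/, and logs/."""
    if not segments:
        return False
    name = segments[-1]
    return (name == ".env" or name.endswith(".pem")
            or ".git" in segments or segments[0] == "logs")


def allowed(groups, method, raw_path):
    target = split_dav_path(raw_path)
    if target is None:
        return False  # fail closed on anything that is not /dav/<group>/...
    group, segments = target
    if "**" not in groups and group not in groups:
        return False  # URL group is not covered by the groups claim
    return method.upper() in READ_METHODS or not is_protected(segments)


def decide(groups, method, path, destination=None):
    """Return 403, or 200 meaning 'forward to davd'."""
    if not allowed(groups, method, path):
        return 403
    # MOVE/COPY also write to the Destination path: judge it like a PUT.
    if destination is not None and not allowed(groups, "PUT", destination):
        return 403
    return 200
```

Whatever path the guard checks must also be the path forwarded upstream; otherwise the normalized check and the request davd serves can disagree.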
what you get
- Browse from anything. Finder, Windows Explorer, Cyberduck, rclone, curl — standard WebDAV verbs.
- JWT or Bearer auth. The same token that gates /dash/. No Basic Auth.
- Live workspace. Your edits are the agent’s next-turn reality.
- Sensitive paths read-only. Secrets and logs can be inspected, not overwritten.
go deeper
- specs/5/M-webdav.md — routing, auth, write-block rules, config flags.
- auth — how the JWT/Bearer token gating /dav/ is minted and refreshed.
- grants — how the per-group claim that scopes a WebDAV path is computed.