Every file move is policy-checked, traced, and replayable.
Pick & Drop replaces ungoverned file movement with an enforceable enterprise standard. SMB-driven Linux↔Windows transfers with policy approval, encryption, and a signed audit trail — provisioned from DSS Portal. A .NET backend with consumer contract tests, a bilingual Next.js management UI (EN/SV), and release-gate-enforced deployment.
Ungoverned file transfer creates invisible compliance risk.
Every quarter, ad-hoc scripts, manual SFTP, and untracked file shares accumulate. When auditors ask for evidence, teams scramble — because no one logged where files went or why.
Compliance gaps
File movements happen outside auditable systems. Evidence is reconstructed after the fact — if it exists at all.
Integration sprawl
Every team builds their own transfer scripts. No shared policy, no standard encryption, no central visibility.
Audit fragility
Retention policies exist on paper but aren’t enforced in infrastructure. Files expire, logs rotate, evidence disappears.
More controlled than file-drop glue. Easier to operate than legacy integration stacks.
Pick & Drop is built for teams that need governed movement across mixed environments without bringing back BizTalk-era complexity or a pile of shell scripts no one owns.
Cross-platform without custom glue
Run the same governed transfer contract across Linux, WSL, macOS, and Windows. Operators stop rewriting flows per host or per team.
Built-in eventing and AI alarm paths
Transfers, failures, and policy events can fan out through an internal event bus and AI-connected alarm paths instead of disappearing into inboxes and manual checks.
Replace brittle stacks with one governed runtime
Use Pick & Drop where older file-transfer glue, custom scripts, and heavy legacy integration platforms create more operational drag than control.
One standard for every file movement.
Policy engine
Define rules for allowed extensions, size limits, encryption requirements, and destination constraints. Every transfer is checked before execution.
End-to-end encryption
Files are encrypted in transit and at rest. Key management is automated. No plaintext exposure at any stage of the pipeline.
Immutable audit trail
Every transfer produces a signed, tamper-evident log entry. Who sent what, where, when — with cryptographic proof.
Replay & rollback
Failed transfers are retried automatically. Any delivery can be replayed from the audit log for investigation or recovery.
Built for auditors, operated by engineers.
Pick & Drop satisfies SOC 2, GDPR data residency, and industry-specific retention requirements by design — not by exception.
Cross-platform file movement, governed end to end.
Pick & Drop bridges Linux and Windows environments through SMB-driven transfers with full lifecycle tracking.
SMB-driven transport
Native SMB integration moves files between Linux and Windows hosts without custom agents or proprietary protocols. Configurable share paths, credential sync from the host environment via mounted volumes, and automatic retry on network interruptions. The container reads SMB credentials at runtime — no plaintext secrets in configuration files.
Transfer job lifecycle
Every file movement is a tracked job: created, validated against policy, executed with encryption, verified on delivery, and logged to the immutable audit trail.
Pickup & drop mechanics
Source directories are monitored for new files. Matched files are picked up, policy-checked, encrypted, and dropped to the configured destination — automatically and continuously.
Seven stages. Every one auditable.
Each file transfer follows a deterministic lifecycle — from detection through delivery confirmation — with policy enforcement and cryptographic evidence at every stage.
Detection & pickup
Source directories are watched continuously. When a new file matches the configured pattern, it enters the transfer pipeline immediately. No polling delay, no manual trigger.
Policy validation
Before any bytes move, the policy engine evaluates extension whitelist, file size limits, encryption requirements, and destination constraints. A single policy violation stops the transfer with a logged reason.
Encryption & transit
Files are encrypted with managed keys before leaving the source host. SMB transport moves the encrypted payload to the destination share. The file is never in plaintext outside the source and destination endpoints.
Delivery & verification
On arrival, the destination agent verifies the integrity hash, decrypts the payload, and confirms successful write. A signed receipt is generated with timestamp, file hash, source, destination, and policy evaluation result.
Built for production. Proven by contract.
Portal provisioning
New customers are onboarded from DSS Portal. Licenses, configuration, and transfer policies are applied automatically. The portal handles tenant provisioning, billing, and configuration management — no manual setup required.
.NET backend
The transfer engine runs on .NET with a documented API surface. Consumer contract tests guarantee that every integration point between the backend and DSS Portal works exactly as specified. The backend handles job orchestration, SMB credential management, and policy evaluation — validated by release gates including backend build, frontend lint, contract tests, and integration checks.
Release gates
Every release passes contract tests, frontend build validation, and full release gate checks before deployment. No shortcut path to production.
Two runtimes, one governed pipeline.
.NET transfer engine
The .NET backend manages transfer jobs, SMB share connections, policy evaluation, and encryption. Built with dotnet build Integration.Services.PickAndDrop.Backend.sln, validated by consumer contract tests, and deployed via install.sh which starts the full Docker stack.
Next.js management UI
Bilingual (EN/SV) frontend built on Next.js with full i18n support. Operators manage transfer policies, monitor job status, and review audit evidence through a responsive web interface.
Docker with release gates
Containerized deployment with automated release gates. Contract tests, frontend build validation, and integration checks must all pass before any release reaches production.
Every integration point is contract-tested.
Pick & Drop ships with consumer contract tests, release gate checks, and frontend build validation. No shortcut path to production.
Consumer contract tests
Every API integration between the .NET backend and DSS Portal is covered by consumer-driven contract tests. Schema changes, payload modifications, and endpoint updates are validated against consumer expectations before merge. The full release gate suite — backend compilation, frontend lint and build, contract tests, and integration checks — runs on every build.
Release gate tests
The full release gate suite runs on every build: backend compilation, frontend lint and build, contract test pass, and integration checks. A single gate failure blocks the release pipeline — no exceptions.
Frontend validation
The Next.js management UI passes lint, TypeScript strict-mode typecheck, and bilingual i18n completeness validation on every commit. EN and SV translations are verified to be symmetric — missing keys fail the build.
A complete governed transfer pipeline.
Pick & Drop replaces scattered scripts with one auditable system. Here is what ships on day one.
SMB-native transport
Linux↔Windows file movement over standard SMB shares. Credential sync from the host environment via mounted volumes, configurable per-share paths, and automatic retry on network interruptions. No proprietary agents, no custom protocols — infrastructure your network team already understands.
Consumer contract tests
Every integration point between the .NET backend and DSS Portal is covered by consumer-driven contract tests. API changes that break consumers are caught before they reach production. The full release gate suite (npm run test:full) enforces backend build, frontend validation, and contract test passage on every release.
Idempotent job execution
Transfer jobs are safe to retry. Duplicate deliveries are detected by content hash comparison. Network interruptions resolve automatically without manual intervention.
Signed audit receipts
Every completed transfer generates a tamper-evident receipt with cryptographic proof of delivery. Auditors get machine-verifiable evidence, not reconstructed spreadsheets.
Structured plans. Transparent scope.
All plans include the governance layer, signed audit evidence, and customer portal access.
Pick & Drop Team
For one team standardising file movement across Linux, WSL, macOS, and Windows.
- Up to 10 transfer endpoints
- Policy engine + signed audit trail
- Email support, EU data residency
Pick & Drop Fleet
For multi-team estates with policy promotion and counterparty rings.
- Up to 50 transfer endpoints
- Policy promotion across dev/stage/prod
- Counterparty attestation rings
- Priority support + replay tooling
Pick & Drop Enterprise
For regulated enterprises with compliance retention and on-prem options.
- Unlimited endpoints
- SOC 2 + GDPR compliance package
- Custom retention windows
- On-prem deployment, dedicated CSM
Prices in EUR. VAT shown at checkout. Enterprise plans are billed annually.
From license to first transfer in one workflow.
DSS Portal handles the full provisioning lifecycle. No manual configuration, no ad-hoc setup scripts.
Portal-driven onboarding
New customers are provisioned directly from DSS Portal. Licenses, transfer policies, and SMB share credentials are configured in a single guided workflow.
Credential sync
SMB credentials are synced securely from the host environment. No plaintext secrets in configuration files — the container reads credentials at runtime through mounted volumes.
Docker-native deployment
One docker compose up starts the full transfer stack. Isolated container with per-share volumes, automated health checks, and cross-platform support across Mac, Linux, and WSL.
Replace ad-hoc file transfer today.
Start an evaluation or explore the interactive demo to see policy-enforced file movement in action.