vdavid
diff --git a/‎apps/desktop/src-tauri/src/file_system/volume/CLAUDE.md‎
Lines changed: 4 additions & 3 deletions b/‎apps/desktop/src-tauri/src/file_system/volume/CLAUDE.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎apps/desktop/src-tauri/src/file_system/volume/mod.rs‎
Lines changed: 53 additions & 0 deletions b/‎apps/desktop/src-tauri/src/file_system/volume/mod.rs‎
Lines changed: 53 additions & 0 deletions
@@ -76,6 +76,7 @@ Everything below is optional per the trait (methods default to `Err(NotSupported
 - [ ] Return `supports_export() = true` and implement `export_to_local` + `import_from_local`. These are what the Copy dialog uses for "this volume ↔ local" transfers.
 - [ ] Implement `scan_for_copy` (count + bytes) and `scan_for_conflicts` (destination collision detection). These feed the Copy dialog's pre-flight.
 - [ ] Map your backend's errors through a `map_*_error` function that returns `VolumeError`. Connection-loss errors should trigger a state transition (see `SmbVolume::handle_smb_result` as a reference) so subsequent calls fail fast.
+- [ ] **No full-file buffering in per-file transfer paths.** Don't `std::fs::read` the local source, don't drain the incoming `VolumeReadStream` into a `Vec<u8>`, and don't collect the remote file into a `Vec<u8>` before writing to local. An 8 GB copy would allocate 8 GB of RAM. See the "Streaming requirement" section on each of these trait methods' doc comments: `export_to_local`, `import_from_local`, `open_read_stream`, `write_from_stream`.
 
 ### Tier 3 — integrate with the wider app (optional, but mostly expected)
 
@@ -104,10 +105,10 @@ At-a-glance view of which capabilities each current volume opts into. Use this w
 | `list_directory` / metadata | ✅                   | ✅                      | ✅                        | ✅                 |
 | Mutations (create/delete/rename) | ✅              | ✅                      | ✅                        | ✅                 |
 | `supports_export`           | ✅                   | ✅                      | ✅                        | ✅                 |
-| `export_to_local` / `import_from_local` | ✅       | ✅                      | ✅ streaming              | ❌                 |
+| `export_to_local` / `import_from_local` | ✅       | ✅                      | ✅ streaming (both directions) | ❌            |
 | `supports_streaming`        | ❌ (no need)         | ✅                      | ✅                        | ✅                 |
 | `open_read_stream`          | ❌                   | ✅ owned download       | ✅ channel-backed         | ✅ in-memory       |
-| `write_from_stream`         | ❌                   | ✅ streaming            | ⚠️ pre-buffers (TODO)     | ✅ in-memory       |
+| `write_from_stream`         | ❌                   | ✅ streaming            | ✅ streaming              | ✅ in-memory       |
 | `supports_watching`         | ✅ FSEvents/inotify  | ❌ (own USB watcher)    | ❌ (OS-mount FSEvents)    | ❌                 |
 | `supports_local_fs_access`  | ✅ (default)         | ❌                      | ❌                        | ❌                 |
 | `local_path`                | ✅ `Some(root)`      | `None`                  | `None`                    | `None`             |
@@ -154,7 +155,7 @@ Key building blocks:
 
 The pre-refactor `SmbReadStream` read the entire file into a `Vec<u8>` via `read_file_pipelined` and yielded slices. For an 8 GB file that meant an 8 GB allocation. Don't do this. If the consumer API is stream-shaped, the producer should stream too.
 
-`SmbVolume::write_from_stream` still pre-buffers the source into `all_data` before writing to SMB (comment at the top of the function explains the reasoning at the time). That's the `⚠️` in the capability matrix above — a follow-up to stream the write side in chunks while holding the SMB session mutex for the duration.
+The same rule applies to write paths: `import_from_local` and `write_from_stream` must drive the backend's chunk-by-chunk writer (for example, smb2's `FileWriter`) rather than slurping the source into a `Vec<u8>` first. The SMB write paths used to pre-buffer; they now stream. See the "Streaming requirement" section on each Volume trait method's doc comment.
 
 ## Path handling gotchas
 
 
@@ -508,6 +508,18 @@ pub trait Volume: Send + Sync {
     /// `on_progress(bytes_done, bytes_total)` is called periodically during the transfer.
     /// Return `ControlFlow::Break(())` from the callback to cancel the transfer.
     /// Returns bytes transferred.
+    ///
+    /// # Streaming requirement
+    ///
+    /// **Must stream.** Don't accumulate the remote file into a `Vec<u8>`
+    /// before touching the local disk. A user copying an 8 GB file off a
+    /// NAS would allocate 8 GB of RAM. Drive the backend's streaming reader
+    /// (smb2: `FileDownload`, mtp-rs: `FileDownload`) chunk-by-chunk and
+    /// write each chunk to `local_dest` as it arrives. For local volumes,
+    /// reach for the OS's native copy APIs which stream by design.
+    ///
+    /// Peak memory per transfer should be bounded by a small chunk buffer
+    /// (~1 MiB) regardless of file size.
     fn export_to_local<'a>(
         &'a self,
         source: &'a Path,
@@ -524,6 +536,19 @@ pub trait Volume: Send + Sync {
     /// `on_progress(bytes_done, bytes_total)` is called periodically during the transfer.
     /// Return `ControlFlow::Break(())` from the callback to cancel the transfer.
     /// Returns bytes transferred.
+    ///
+    /// # Streaming requirement
+    ///
+    /// **Must stream.** Don't `std::fs::read(path)` / `tokio::fs::read(path)`
+    /// the local source into a `Vec<u8>` before sending it off. A user
+    /// copying an 8 GB file onto a NAS would allocate 8 GB of RAM. Open the
+    /// source with `tokio::fs::File::open` and drive the backend's streaming
+    /// writer (smb2: `FileWriter`, mtp-rs: `upload_stream`) chunk-by-chunk.
+    /// For local volumes, reach for the OS's native copy APIs which stream
+    /// by design.
+    ///
+    /// Peak memory per transfer should be bounded by a small chunk buffer
+    /// (~1 MiB) regardless of file size.
     fn import_from_local<'a>(
         &'a self,
         local_source: &'a Path,
@@ -580,6 +605,20 @@ pub trait Volume: Send + Sync {
     ///
     /// Returns a VolumeReadStream that yields chunks of data.
     /// The stream must be fully consumed or dropped before other operations.
+    ///
+    /// # Streaming requirement
+    ///
+    /// **Must stream.** Don't read the whole file into a `Vec<u8>` inside
+    /// this method and hand chunks of it back — that's just pre-buffering
+    /// with extra steps. A user streaming an 8 GB file would allocate 8 GB
+    /// of RAM before the consumer sees a single byte. Drive the backend's
+    /// streaming reader (smb2: `FileDownload`, mtp-rs: `FileDownload`) on
+    /// demand from `next_chunk`. If the backend gives you a borrowed
+    /// handle, use a bounded producer/consumer channel (see `SmbReadStream`
+    /// for the pattern).
+    ///
+    /// Peak memory per transfer should be bounded by a small chunk buffer
+    /// (~1 MiB) regardless of file size.
     #[allow(
         clippy::type_complexity,
         reason = "async trait method returns a pinned boxed future by design"
@@ -602,6 +641,20 @@ pub trait Volume: Send + Sync {
     /// * `size` - Total size in bytes (required for protocols like MTP)
     /// * `stream` - Source data stream
     /// * `on_progress` - Progress callback; return `ControlFlow::Break(())` to cancel
+    ///
+    /// # Streaming requirement
+    ///
+    /// **Must stream.** Don't drain `stream` into a `Vec<u8>` before writing
+    /// to the backend. A user copying an 8 GB file through this path would
+    /// allocate 8 GB of RAM. Pull each chunk from `stream.next_chunk().await`
+    /// and push it straight into the backend's streaming writer (smb2:
+    /// `FileWriter`, mtp-rs: `upload_stream`) in the same loop. Holding the
+    /// backend's session mutex across the source `next_chunk` awaits is
+    /// fine — different volumes use different mutexes, so there's no
+    /// deadlock risk.
+    ///
+    /// Peak memory per transfer should be bounded by a small chunk buffer
+    /// (~1 MiB) regardless of file size.
     fn write_from_stream<'a>(
         &'a self,
         dest: &'a Path,