Bugfix: Copying or moving an empty folder now creates it

- The per-file copy loop creates directories only as FILE parents, so an empty directory — or a branch holding nothing but empty directories — completed "successfully" while never arriving at the destination
- Cross-FS move was worse: the empty dir never staged, Phase 3's rename never moved it, and Phase 4's source delete then destroyed it — silent data loss
- New `create_scanned_dirs_at_destination` pass (in `copy.rs`, shared by both pipelines) lands the scanned dirs the loop missed: runs on the copy's Completed arm and after the move's staging loop, maps via the same relative-path rule as `FileInfo::dest_path`, honors folder→file Rename redirects, records created dirs for rollback, and mirrors the loop's outcome semantics (Cancelled keeps copied files, other errors roll back)
- Data-safety: a dest path that already holds anything (dir = merge, file = type clash) is left untouched — an empty source dir never replaces user data
- The volume (MTP/SMB) pipeline never had the hole (`copy_directory_streaming` creates each dir before walking children); same-FS move renames whole sources, also fine
- TDD: four red tests first (`copy_tests.rs` ×3, `move_op_tests.rs` ×1), verified live through MCP (top-level empty dir + nested empty dir both land now)

Author: vdavid

apps/desktop/src-tauri/src/file_system/write_operations/transfer/CLAUDE.md

@@ -44,6 +44,8 @@ Frontend counterpart: [`apps/desktop/src/lib/file-operations/transfer/CLAUDE.md`
 
 **Cross-FS move source-delete preserves Skipped sources.** `move_with_staging`'s Phase 3 (staging → final rename) resolves conflicts; a Skip discards the staged copy so the file never lands at the destination. Phase 4 (`delete_sources_after_move`) must therefore NOT delete that source — the user clicked Skip to keep both copies, and deleting the only original would be silent data loss. Phase 3 records every Skipped original in a `skipped_source_paths: HashSet<PathBuf>` (whole top-level source for a single-file / type-mismatch Skip; per-child paths remapped from the staging prefix back to the source prefix for a directory merge). Phase 4 skips whole sources in the set, removes a clean source dir wholesale (`remove_dir_all`), and for a source dir that holds a Skipped descendant walks it via `delete_dir_preserving_skipped` (deletes non-skipped children, removes a dir only once empty), so the Skipped child's original survives inside a surviving source directory. The same-FS path (`move_with_rename`) is inherently correct: it renames originals directly, and a Skipped child just leaves the source dir non-empty. Pinned by `move_op_tests.rs::{cross_fs_move_skip_preserves_source_and_dest, cross_fs_move_dir_merge_skip_child_preserves_source_child}`.
 
+**Empty directories land via the scanned-dirs pass (`copy.rs::create_scanned_dirs_at_destination`).** The per-file loop creates directories only as FILE parents, so an empty directory — or a branch holding nothing but empty directories — has no file to hang its creation on and used to complete "successfully" while never arriving (and on a cross-FS move, Phase 4 then deleted the source: the empty dir was destroyed without ever landing). The pass runs over `ScanResult.dirs` on the local copy's Completed arm and after the move's staging loop (destination = the staging dir, so empty dirs ride the normal Phase-3 rename + cleanup). Mapping mirrors `FileInfo::dest_path`; created dirs are recorded for rollback. Data-safety: a dest path that already holds anything (dir = merge, file = type clash) is left untouched — an empty source dir never replaces user data. Pinned by `copy_tests.rs::{copy_creates_empty_directory_at_destination, copy_creates_nested_empty_directories, copy_empty_directory_does_not_clobber_same_named_dest_file}` and `move_op_tests.rs::cross_fs_move_preserves_empty_directories`. The volume (MTP/SMB) pipeline doesn't share the hole — `copy_directory_streaming` creates each dir before walking its children.
+
 **Move rollback (same-FS).** `MoveTransaction` in `move_op.rs` tracks `(source, dest)` pairs for each rename. On cancellation, renames are reversed in reverse order. Same-FS rename rollback is instant (just another rename), so it runs synchronously. Cross-FS move rollback is handled by `CopyTransaction` (deletes the staging directory).
 
 **Intentional duplication: `merge_move_directory` vs `copy_single_item`.** Both implement recursive merge with conflict resolution, but differ in every detail: copy has progress tracking, symlink handling, byte counting, strategy selection, and `CopyTransaction` recording. Move uses simple `fs::rename`. A shared abstraction would be forced and fragile. Cross-references are in the doc comments of both functions.

apps/desktop/src-tauri/src/file_system/write_operations/transfer/copy.rs

@@ -392,6 +392,40 @@ pub(in crate::file_system::write_operations) fn copy_files_with_progress_inner(
                 return Ok(());
             }
 
+            // Land the scanned directories the per-file loop didn't create:
+            // empty dirs (and branches of only empty dirs) have no files, so
+            // without this they'd silently never arrive at the destination.
+            // Outcomes mirror the loop's arms: Cancelled keeps what's copied
+            // (commit, so the Drop safety-net can't roll it back), any other
+            // error rolls back like `PostLoopIntent::Failed`.
+            if let Err(e) = create_scanned_dirs_at_destination(
+                &scan_result.dirs,
+                sources,
+                destination,
+                state,
+                &mut transaction,
+                &mut created_dirs,
+                &dir_remap,
+            ) {
+                if matches!(e, WriteOperationError::Cancelled { .. }) {
+                    transaction.commit();
+                    events.emit_cancelled(WriteCancelledEvent {
+                        operation_id: operation_id.to_string(),
+                        operation_type: WriteOperationType::Copy,
+                        files_processed: files_done,
+                        rolled_back: false,
+                    });
+                } else {
+                    transaction.rollback();
+                    events.emit_error(WriteErrorEvent::new(
+                        operation_id.to_string(),
+                        WriteOperationType::Copy,
+                        e.clone(),
+                    ));
+                }
+                return Err(e);
+            }
+
             // Flush every created destination to disk before reporting
             // complete, so "complete" means durable. Reuses the transaction's
             // own `created_files`; skips paths the strategy already flushed.
@@ -580,6 +614,84 @@ fn apply_dir_remap(dest: &Path, dir_remap: &HashMap<PathBuf, PathBuf>) -> PathBu
     }
 }
 
+/// Creates destination directories for the scanned source dirs the per-file
+/// loop didn't materialize. The loop creates directories only as FILE parents,
+/// so an empty directory — or a branch holding nothing but empty directories —
+/// used to complete "successfully" while never arriving at the destination
+/// (and on a cross-FS move, Phase 4 then deleted the source: the empty dir was
+/// destroyed without ever landing). The scan already collected every source
+/// dir; this pass lands the missing ones.
+///
+/// Mirrors `FileInfo::dest_path`'s mapping (the path relative to its top-level
+/// source's parent, joined onto `destination`), honors active folder→file
+/// Rename redirects via `dir_remap`, and records created dirs in the
+/// transaction for rollback.
+///
+/// Data-safety: a dest path that already holds ANYTHING is left untouched — a
+/// same-named dir is a merge (nothing to create), and a same-named file is a
+/// type clash where silently replacing user data with an empty directory would
+/// be worse than skipping.
+pub(super) fn create_scanned_dirs_at_destination(
+    scanned_dirs: &[PathBuf],
+    sources: &[PathBuf],
+    destination: &Path,
+    state: &Arc<WriteOperationState>,
+    transaction: &mut CopyTransaction,
+    created_dirs: &mut HashSet<PathBuf>,
+    dir_remap: &HashMap<PathBuf, PathBuf>,
+) -> Result<(), WriteOperationError> {
+    // `scanned_dirs` is deepest-first (the delete order); reverse so parents
+    // come before children.
+    for dir in scanned_dirs.iter().rev() {
+        if is_cancelled(&state.intent) {
+            return Err(WriteOperationError::Cancelled {
+                message: "Operation cancelled by user".to_string(),
+            });
+        }
+        let Some(dest) = dir_dest_path(dir, sources, destination) else {
+            continue;
+        };
+        let dest = apply_dir_remap(&dest, dir_remap);
+        if created_dirs.contains(&dest) || path_exists_or_is_symlink(&dest) {
+            continue;
+        }
+        // Collect the missing ancestors first so rollback records exactly what
+        // this pass created (same pattern as the file loop's parent creation).
+        let mut dirs_to_create: Vec<PathBuf> = Vec::new();
+        let mut walk = dest.clone();
+        while !walk.exists() && !created_dirs.contains(&walk) {
+            dirs_to_create.push(walk.clone());
+            match walk.parent() {
+                Some(p) => walk = p.to_path_buf(),
+                None => break,
+            }
+        }
+        fs::create_dir_all(&dest).map_err(|e| WriteOperationError::IoError {
+            path: dest.display().to_string(),
+            message: format!("Failed to create directory: {}", e),
+        })?;
+        for created in dirs_to_create.into_iter().rev() {
+            transaction.record_dir(created.clone());
+            created_dirs.insert(created);
+        }
+    }
+    Ok(())
+}
+
+/// Maps a scanned source directory to its destination path, mirroring
+/// `FileInfo::dest_path`: the path relative to its top-level source's parent,
+/// joined onto `destination`. `None` when the dir isn't under any source
+/// (can't happen for paths produced by the scan walker over these sources).
+fn dir_dest_path(dir: &Path, sources: &[PathBuf], destination: &Path) -> Option<PathBuf> {
+    sources.iter().find_map(|source| {
+        if !dir.starts_with(source) {
+            return None;
+        }
+        let root = source.parent().unwrap_or(source);
+        dir.strip_prefix(root).ok().map(|relative| destination.join(relative))
+    })
+}
+
 /// Copies a single file or symlink to its destination.
 /// Ensures parent directories exist before copying.
 /// Used by both copy and cross-filesystem move operations.

apps/desktop/src-tauri/src/file_system/write_operations/transfer/copy_tests.rs

@@ -116,3 +116,103 @@ fn local_copy_emits_flushing_phase_before_complete() {
     let complete = events.complete.lock().unwrap();
     assert_eq!(complete.len(), 1, "exactly one write-complete");
 }
+
+/// Copying an EMPTY directory must create it at the destination. The copy
+/// loop iterates `scan_result.files` only and creates directories lazily as
+/// file parents, so a source with zero files used to complete "successfully"
+/// while creating nothing — the empty dir silently never arrived.
+#[test]
+fn copy_creates_empty_directory_at_destination() {
+    let tmp = tempfile::tempdir().expect("tempdir");
+    let src_dir = tmp.path().join("src");
+    let dst_dir = tmp.path().join("dst");
+    fs::create_dir_all(src_dir.join("empty-dir")).unwrap();
+    fs::create_dir_all(&dst_dir).unwrap();
+
+    let events = Arc::new(CollectorEventSink::new());
+    let state = make_state(200);
+    let config = WriteOperationConfig::default();
+
+    let source = src_dir.join("empty-dir");
+    let result = copy_files_with_progress_inner(
+        &*events,
+        "op-copy-empty-dir",
+        &state,
+        std::slice::from_ref(&source),
+        &dst_dir,
+        &config,
+    );
+    assert!(result.is_ok(), "expected Ok, got {:?}", result);
+    assert!(
+        dst_dir.join("empty-dir").is_dir(),
+        "the empty directory must exist at the destination"
+    );
+}
+
+/// Empty directories NESTED inside a populated source must land too: the file
+/// loop creates only ancestors of files, so `tree/sub-empty` (no files
+/// anywhere under it) needs the explicit scanned-dirs pass.
+#[test]
+fn copy_creates_nested_empty_directories() {
+    let tmp = tempfile::tempdir().expect("tempdir");
+    let src_dir = tmp.path().join("src");
+    let dst_dir = tmp.path().join("dst");
+    fs::create_dir_all(src_dir.join("tree/populated")).unwrap();
+    fs::create_dir_all(src_dir.join("tree/sub-empty/deeper-empty")).unwrap();
+    fs::write(src_dir.join("tree/populated/file.txt"), b"content").unwrap();
+    fs::create_dir_all(&dst_dir).unwrap();
+
+    let events = Arc::new(CollectorEventSink::new());
+    let state = make_state(200);
+    let config = WriteOperationConfig::default();
+
+    let source = src_dir.join("tree");
+    let result = copy_files_with_progress_inner(
+        &*events,
+        "op-copy-nested-empty-dirs",
+        &state,
+        std::slice::from_ref(&source),
+        &dst_dir,
+        &config,
+    );
+    assert!(result.is_ok(), "expected Ok, got {:?}", result);
+    assert!(
+        dst_dir.join("tree/populated/file.txt").is_file(),
+        "the regular file must arrive"
+    );
+    assert!(
+        dst_dir.join("tree/sub-empty/deeper-empty").is_dir(),
+        "nested empty directories must exist at the destination"
+    );
+}
+
+/// An empty source dir whose destination already holds a same-named FILE must
+/// not destroy that file (folders merge; a type clash on an empty dir is left
+/// alone rather than silently replacing user data).
+#[test]
+fn copy_empty_directory_does_not_clobber_same_named_dest_file() {
+    let tmp = tempfile::tempdir().expect("tempdir");
+    let src_dir = tmp.path().join("src");
+    let dst_dir = tmp.path().join("dst");
+    fs::create_dir_all(src_dir.join("clash")).unwrap();
+    fs::create_dir_all(&dst_dir).unwrap();
+    fs::write(dst_dir.join("clash"), b"existing user data").unwrap();
+
+    let events = Arc::new(CollectorEventSink::new());
+    let state = make_state(200);
+    let config = WriteOperationConfig::default();
+
+    let source = src_dir.join("clash");
+    let result = copy_files_with_progress_inner(
+        &*events,
+        "op-copy-empty-dir-clash",
+        &state,
+        std::slice::from_ref(&source),
+        &dst_dir,
+        &config,
+    );
+    assert!(result.is_ok(), "expected Ok, got {:?}", result);
+    let dest = dst_dir.join("clash");
+    assert!(dest.is_file(), "the existing dest file must survive");
+    assert_eq!(fs::read(&dest).unwrap(), b"existing user data");
+}

apps/desktop/src-tauri/src/file_system/write_operations/transfer/move_op.rs

@@ -595,6 +595,29 @@ fn move_with_staging(
         return Err(e);
     }
 
+    // Stage the scanned directories the per-file loop didn't create: an empty
+    // dir has no files, so it never staged, Phase 3's rename never moved it,
+    // and Phase 4's source delete then DESTROYED it — gone from the source
+    // without ever arriving at the destination. Staging it here lets it ride
+    // the normal rename + cleanup machinery.
+    if let Err(e) = super::copy::create_scanned_dirs_at_destination(
+        &scan_result.dirs,
+        sources,
+        &staging_dir,
+        state,
+        &mut transaction,
+        &mut created_dirs,
+        &dir_remap,
+    ) {
+        remove_dir_all_in_background(staging_dir.clone());
+        events.emit_error(WriteErrorEvent::new(
+            operation_id.to_string(),
+            WriteOperationType::Move,
+            e.clone(),
+        ));
+        return Err(e);
+    }
+
     // Original source paths whose staged copy was discarded on Skip (the file
     // never reached the destination). Phase 4 consults this so it deletes ONLY
     // sources that actually landed — deleting a skipped source's original would

apps/desktop/src-tauri/src/file_system/write_operations/transfer/move_op_tests.rs

@@ -645,3 +645,45 @@ fn matrix_dir_overwrite_older_skips_newer_child_preserves_source() {
     assert_dir_one_skipped_child(false, ConflictResolution::OverwriteOlder, false);
     assert_dir_one_skipped_child(true, ConflictResolution::OverwriteOlder, false);
 }
+
+/// A cross-FS move of a tree containing an EMPTY directory must land that
+/// directory at the destination — and, critically, must not destroy it. The
+/// staging copy iterates `scan_result.files` only, so an empty dir never
+/// staged, never renamed into place, and then Phase 4 deleted the source:
+/// the directory vanished entirely. That's silent data loss, the worst case
+/// of the empty-dir hole (the copy sibling merely failed to create it).
+#[test]
+fn cross_fs_move_preserves_empty_directories() {
+    let tmp = tempfile::tempdir().expect("tempdir");
+    let src_dir = tmp.path().join("src");
+    let dst_dir = tmp.path().join("dst");
+    fs::create_dir_all(src_dir.join("tree/populated")).unwrap();
+    fs::create_dir_all(src_dir.join("tree/sub-empty")).unwrap();
+    fs::write(src_dir.join("tree/populated/file.txt"), b"content").unwrap();
+    fs::create_dir_all(&dst_dir).unwrap();
+
+    let events = Arc::new(CollectorEventSink::new());
+    let state = make_state(200);
+    let config = WriteOperationConfig::default();
+
+    let source = src_dir.join("tree");
+    let result = move_with_staging(
+        &*events,
+        "op-cross-fs-move-empty-dir",
+        &state,
+        std::slice::from_ref(&source),
+        &dst_dir,
+        &config,
+    );
+    assert!(result.is_ok(), "expected Ok, got {:?}", result);
+
+    assert!(
+        dst_dir.join("tree/sub-empty").is_dir(),
+        "the empty directory must arrive at the destination"
+    );
+    assert!(
+        dst_dir.join("tree/populated/file.txt").is_file(),
+        "the regular file must arrive at the destination"
+    );
+    assert!(!source.exists(), "the source tree should be removed after the move");
+}