Validate paths in copy/move and mkdir dialogs

- Add validateDirectoryPath() to filename-validation.ts for full path validation (empty, absolute, null bytes, path/component length)
- Wire it into TransferDialog (structural errors before logical checks)
- Replace NewFolderDialog's inline char check with shared validators, gaining name length and path length validation
- Add isDir param to validators for context-aware error messages ("Folder name" vs "Filename")
- Expose path limits from backend via get_path_limits command so frontend uses platform-correct values (1024 macOS, 4096 Linux)

Author: vdavid

apps/desktop/src-tauri/src/commands/file_system.rs

@@ -32,9 +32,25 @@ use tokio::time::Duration;
 use super::util::{
     IpcError, TimedOut, blocking_result_with_timeout, blocking_with_timeout, blocking_with_timeout_flag,
 };
+use crate::file_system::validation::{MAX_NAME_BYTES, MAX_PATH_BYTES};
 
 const PATH_EXISTS_TIMEOUT: Duration = Duration::from_secs(2);
 
+#[derive(serde::Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct PathLimits {
+    pub max_name_bytes: usize,
+    pub max_path_bytes: usize,
+}
+
+#[tauri::command]
+pub fn get_path_limits() -> PathLimits {
+    PathLimits {
+        max_name_bytes: MAX_NAME_BYTES,
+        max_path_bytes: MAX_PATH_BYTES,
+    }
+}
+
 #[tauri::command]
 pub async fn path_exists(volume_id: Option<String>, path: String) -> bool {
     let volume_id = volume_id.unwrap_or_else(|| "root".to_string());

apps/desktop/src-tauri/src/lib.rs

@@ -484,6 +484,7 @@ pub fn run() {
             commands::file_system::get_max_filename_width,
             commands::file_system::find_file_index,
             commands::file_system::resort_listing,
+            commands::file_system::get_path_limits,
             commands::file_system::path_exists,
             commands::file_system::create_directory,
             commands::file_system::benchmark_log,

apps/desktop/src/lib/file-operations/CLAUDE.md

@@ -14,6 +14,8 @@ Provides unified UI for file operations triggered by F5 (copy), F6 (move), F7 (n
 
 1. **TransferDialog** (destination picker + dry-run scan)
     - Pre-fills destination from opposite pane
+    - Validates path structure via `validateDirectoryPath()` from `$lib/utils/filename-validation` (empty, absolute,
+      null bytes, length limits), then checks logical constraints (subfolder, same location)
     - Optional dry-run scan to detect conflicts upfront
     - Shows sampled conflicts (max 200) with streaming progress
     - User makes conflict decisions before operation starts
@@ -50,9 +52,11 @@ Provides unified UI for file operations triggered by F5 (copy), F6 (move), F7 (n
 
 ### New folder (`mkdir/`)
 
-- **mkdir/NewFolderDialog.svelte**: F7 opens dialog pre-filled with cursor item name (sans extension for files). If
-  `createDirectory` times out (slow volume), shows a warning banner with "Refresh listing" and "Dismiss" actions instead
-  of a generic error. Warning uses `--color-warning` / `--color-warning-bg` to distinguish from permanent errors.
+- **mkdir/NewFolderDialog.svelte**: F7 opens dialog pre-filled with cursor item name (sans extension for files). Uses
+  shared validators from `$lib/utils/filename-validation` (`validateDisallowedChars`, `validateNameLength`,
+  `validatePathLength`) for sync checks, then runs async `findFileIndex()` for conflict detection. If `createDirectory`
+  times out (slow volume), shows a warning banner with "Refresh listing" and "Dismiss" actions instead of a generic
+  error. Warning uses `--color-warning` / `--color-warning-bg` to distinguish from permanent errors.
 - **mkdir/new-folder-operations.ts**: `getInitialFolderName()` extracts from cursor, `moveCursorToNewFolder()`
   subscribes to file watcher to track newly created folder
 - **mkdir/new-folder-utils.ts**: Pure utility helpers for deriving the initial folder name from the cursor entry

apps/desktop/src/lib/file-operations/mkdir/NewFolderDialog.svelte

@@ -11,6 +11,7 @@
         refreshListing,
         type UnlistenFn,
     } from '$lib/tauri-commands'
+    import { validateDisallowedChars, validateNameLength, validatePathLength } from '$lib/utils/filename-validation'
     import type { DirectoryDiff } from '$lib/file-explorer/types'
     import ModalDialog from '$lib/ui/ModalDialog.svelte'
     import Button from '$lib/ui/Button.svelte'
@@ -56,10 +57,26 @@
             errorMessage = ''
             return
         }
-        if (trimmed.includes('/') || trimmed.includes('\0')) {
-            errorMessage = 'Folder name contains invalid characters.'
+
+        // Sync validators: chars, name length, full path length
+        const charCheck = validateDisallowedChars(trimmed, true)
+        if (charCheck.severity === 'error') {
+            errorMessage = charCheck.message
+            return
+        }
+        const nameLenCheck = validateNameLength(trimmed, true)
+        if (nameLenCheck.severity === 'error') {
+            errorMessage = nameLenCheck.message
             return
         }
+        const pathLenCheck = validatePathLength(currentPath, trimmed)
+        if (pathLenCheck.severity === 'error') {
+            errorMessage = pathLenCheck.message
+            return
+        }
+
+        // Sync checks passed — clear any previous error, then run async conflict check
+        errorMessage = ''
 
         isChecking = true
         try {

apps/desktop/src/lib/file-operations/transfer/TransferDialog.svelte

@@ -23,6 +23,7 @@
         TransferOperationType,
     } from '$lib/file-explorer/types'
     import { getSetting } from '$lib/settings'
+    import { validateDirectoryPath } from '$lib/utils/filename-validation'
     import DirectionIndicator from './DirectionIndicator.svelte'
     import ModalDialog from '$lib/ui/ModalDialog.svelte'
     import Button from '$lib/ui/Button.svelte'
@@ -140,7 +141,11 @@
         return null
     }
 
-    const pathError = $derived(getPathValidationError(sourcePaths, editedPath))
+    const pathError = $derived.by(() => {
+        const structural = validateDirectoryPath(editedPath)
+        if (structural.severity === 'error') return structural.message
+        return getPathValidationError(sourcePaths, editedPath)
+    })
 
     // Format space info for display
     function formatSpaceInfo(space: VolumeSpaceInfo | null): string {

apps/desktop/src/lib/tauri-commands/file-listing.ts

@@ -211,6 +211,16 @@ export async function clearSelfDragOverlay(): Promise<void> {
     await invoke('clear_self_drag_overlay')
 }
 
+export interface PathLimits {
+    maxNameBytes: number
+    maxPathBytes: number
+}
+
+/** Returns platform-specific filesystem path limits from the backend. */
+export async function getPathLimits(): Promise<PathLimits> {
+    return invoke<PathLimits>('get_path_limits')
+}
+
 /**
  * Checks if a path exists.
  * @param path - Path to check.

apps/desktop/src/lib/tauri-commands/index.ts

@@ -17,6 +17,7 @@ export {
     startSelectionDrag,
     prepareSelfDragOverlay,
     clearSelfDragOverlay,
+    getPathLimits,
     pathExists,
     createDirectory,
     getSyncStatus,

apps/desktop/src/lib/utils/CLAUDE.md

@@ -14,8 +14,8 @@ Small stateless utility functions. Pure, no Svelte state, safe to import from pl
 
 ## filename-validation.ts
 
-`validateFilename()` is the main orchestrator. It runs checks in priority order: errors first, then warnings. Returns
-the first non-ok result, or `{ severity: 'ok', message: '' }`.
+`validateFilename()` is the main orchestrator for single-file renames. It runs checks in priority order: errors first,
+then warnings. Returns the first non-ok result, or `{ severity: 'ok', message: '' }`.
 
 ```
 validateFilename()
@@ -27,6 +27,18 @@ validateFilename()
   └── validateConflict()          — warning if a sibling already has that name (case-insensitive)
 ```
 
+`validateDirectoryPath()` validates full directory paths (not filenames). Used by TransferDialog and composable with
+individual validators in NewFolderDialog.
+
+```
+validateDirectoryPath(path)
+  ├── empty check                 — error if blank after trim
+  ├── absolute check              — error if doesn't start with /
+  ├── null byte check             — error if contains \0
+  ├── total path length           — error if >= 1024 bytes (UTF-8)
+  └── per-component length        — error if any segment >= 255 bytes (splits on /, filters empty)
+```
+
 Key types:
 
 ```ts

apps/desktop/src/lib/utils/filename-validation.test.ts

@@ -4,6 +4,7 @@ import {
     validateNotEmpty,
     validateNameLength,
     validatePathLength,
+    validateDirectoryPath,
     validateExtensionChange,
     validateConflict,
     validateFilename,
@@ -28,6 +29,11 @@ describe('validateDisallowedChars', () => {
     it('allows dots, spaces, dashes, underscores', () => {
         expect(validateDisallowedChars('my file-name_v2.0.txt').severity).toBe('ok')
     })
+
+    it('uses folder label when isDir is true', () => {
+        const result = validateDisallowedChars('foo/bar', true)
+        expect(result.message).toContain('Folder name')
+    })
 })
 
 describe('validateNotEmpty', () => {
@@ -81,6 +87,77 @@ describe('validatePathLength', () => {
     })
 })
 
+describe('validateDirectoryPath', () => {
+    it('rejects empty string', () => {
+        const result = validateDirectoryPath('')
+        expect(result.severity).toBe('error')
+        expect(result.message).toBe("Path can't be empty")
+    })
+
+    it('rejects whitespace-only string', () => {
+        const result = validateDirectoryPath('   ')
+        expect(result.severity).toBe('error')
+        expect(result.message).toBe("Path can't be empty")
+    })
+
+    it('rejects relative path', () => {
+        const result = validateDirectoryPath('Documents/folder')
+        expect(result.severity).toBe('error')
+        expect(result.message).toBe('Path must be absolute (start with /)')
+    })
+
+    it('rejects path with null byte', () => {
+        const result = validateDirectoryPath('/Users/test\0/folder')
+        expect(result.severity).toBe('error')
+        expect(result.message).toBe('Path contains a null character')
+    })
+
+    it('rejects path at 1024 bytes', () => {
+        const longPath = '/' + 'a'.repeat(1023)
+        const result = validateDirectoryPath(longPath)
+        expect(result.severity).toBe('error')
+        expect(result.message).toMatch(/Path is too long/)
+    })
+
+    it('rejects path with a component at 255 bytes', () => {
+        const longComponent = 'a'.repeat(255)
+        const result = validateDirectoryPath(`/Users/${longComponent}/folder`)
+        expect(result.severity).toBe('error')
+        expect(result.message).toMatch(/A folder name in the path is too long/)
+    })
+
+    it('allows valid absolute path', () => {
+        expect(validateDirectoryPath('/Users/test/Documents').severity).toBe('ok')
+    })
+
+    it('allows root path', () => {
+        expect(validateDirectoryPath('/').severity).toBe('ok')
+    })
+
+    it('handles trailing slashes', () => {
+        expect(validateDirectoryPath('/Users/test/').severity).toBe('ok')
+    })
+
+    it('handles double slashes', () => {
+        expect(validateDirectoryPath('/Users//test').severity).toBe('ok')
+    })
+
+    it('counts multi-byte characters correctly', () => {
+        // Each emoji is 4 bytes
+        const emojiDir = '\u{1F600}'.repeat(64) // 256 bytes
+        const result = validateDirectoryPath(`/Users/${emojiDir}`)
+        expect(result.severity).toBe('error')
+        expect(result.message).toMatch(/A folder name in the path is too long/)
+    })
+
+    it('allows path just under 1024 bytes', () => {
+        // Build a long path from many short segments to avoid per-component limit
+        const segment = 'a'.repeat(100)
+        const path = ('/' + segment).repeat(10) + '/' + 'b'.repeat(12) // 10 * 101 + 13 = 1023 bytes
+        expect(validateDirectoryPath(path).severity).toBe('ok')
+    })
+})
+
 describe('getExtension', () => {
     it('returns extension with dot', () => {
         expect(getExtension('file.txt')).toBe('.txt')

apps/desktop/src/lib/utils/filename-validation.ts

@@ -1,7 +1,16 @@
 /** Client-side filename validation for instant keystroke feedback. */
 
-const MAX_NAME_BYTES = 255
-const MAX_PATH_BYTES = 1024
+/** Defaults match macOS. Call initPathLimits() at startup to get platform-specific values from the backend. */
+let maxNameBytes = 255
+let maxPathBytes = 1024
+
+/** Fetches platform-specific limits from the backend. Call once at app startup. */
+export async function initPathLimits(): Promise<void> {
+    const { getPathLimits } = await import('$lib/tauri-commands')
+    const limits = await getPathLimits()
+    maxNameBytes = limits.maxNameBytes
+    maxPathBytes = limits.maxPathBytes
+}
 
 /** Characters disallowed on macOS (APFS/HFS+). TODO: Per-OS logic for future platforms. */
 const DISALLOWED_CHARS_REGEX = /[/\0]/
@@ -15,29 +24,33 @@ export interface ValidationResult {
 
 const OK_RESULT: ValidationResult = { severity: 'ok', message: '' }
 
-/** Validates a filename for disallowed characters. Operates on trimmed value. */
-export function validateDisallowedChars(name: string): ValidationResult {
+function nameLabel(isDir: boolean): string {
+    return isDir ? 'Folder name' : 'Filename'
+}
+
+/** Validates a file or dir name for disallowed characters. Operates on trimmed value. */
+export function validateDisallowedChars(name: string, isDir = false): ValidationResult {
     if (DISALLOWED_CHARS_REGEX.test(name)) {
-        return { severity: 'error', message: 'Filenames can\'t contain "/" or null characters' }
+        return { severity: 'error', message: `${nameLabel(isDir)} can't contain "/" or null characters` }
     }
     return OK_RESULT
 }
 
-/** Validates that a filename is not empty after trimming. */
-export function validateNotEmpty(name: string): ValidationResult {
+/** Validates that a file or dir name is not empty after trimming. */
+export function validateNotEmpty(name: string, isDir = false): ValidationResult {
     if (name.trim().length === 0) {
-        return { severity: 'error', message: "A filename can't be empty" }
+        return { severity: 'error', message: `${nameLabel(isDir)} can't be empty` }
     }
     return OK_RESULT
 }
 
-/** Validates filename byte length (max 255 bytes). */
-export function validateNameLength(name: string): ValidationResult {
+/** Validates name byte length (max 255 bytes). */
+export function validateNameLength(name: string, isDir = false): ValidationResult {
     const byteLength = new TextEncoder().encode(name.trim()).length
-    if (byteLength >= MAX_NAME_BYTES) {
+    if (byteLength >= maxNameBytes) {
         return {
             severity: 'error',
-            message: `Filename is too long (${String(byteLength)}/${String(MAX_NAME_BYTES)} bytes)`,
+            message: `${nameLabel(isDir)} is too long (${String(byteLength)}/${String(maxNameBytes)} bytes)`,
         }
     }
     return OK_RESULT
@@ -47,10 +60,10 @@ export function validateNameLength(name: string): ValidationResult {
 export function validatePathLength(parentPath: string, name: string): ValidationResult {
     const fullPath = parentPath.endsWith('/') ? parentPath + name.trim() : parentPath + '/' + name.trim()
     const byteLength = new TextEncoder().encode(fullPath).length
-    if (byteLength >= MAX_PATH_BYTES) {
+    if (byteLength >= maxPathBytes) {
         return {
             severity: 'error',
-            message: `Full path is too long (${String(byteLength)}/${String(MAX_PATH_BYTES)} bytes)`,
+            message: `Full path is too long (${String(byteLength)}/${String(maxPathBytes)} bytes)`,
         }
     }
     return OK_RESULT
@@ -102,6 +115,45 @@ export function validateConflict(newName: string, siblingNames: string[], origin
     return OK_RESULT
 }
 
+/** Validates a full directory path (not a filename). Checks structure only, not existence. */
+export function validateDirectoryPath(path: string): ValidationResult {
+    const trimmed = path.trim()
+
+    if (trimmed.length === 0) {
+        return { severity: 'error', message: "Path can't be empty" }
+    }
+
+    if (!trimmed.startsWith('/')) {
+        return { severity: 'error', message: 'Path must be absolute (start with /)' }
+    }
+
+    if (trimmed.includes('\0')) {
+        return { severity: 'error', message: 'Path contains a null character' }
+    }
+
+    const encoder = new TextEncoder()
+    const totalBytes = encoder.encode(trimmed).length
+    if (totalBytes >= maxPathBytes) {
+        return {
+            severity: 'error',
+            message: `Path is too long (${String(totalBytes)}/${String(maxPathBytes)} bytes)`,
+        }
+    }
+
+    const segments = trimmed.split('/').filter((s) => s.length > 0)
+    for (const segment of segments) {
+        const segmentBytes = encoder.encode(segment).length
+        if (segmentBytes >= maxNameBytes) {
+            return {
+                severity: 'error',
+                message: `A folder name in the path is too long (${String(segmentBytes)}/${String(maxNameBytes)} bytes)`,
+            }
+        }
+    }
+
+    return OK_RESULT
+}
+
 /** Runs all validation checks and returns the first error, then the first warning, or ok. */
 export function validateFilename(
     newName: string,