fix: preserve directory permissions during copy-ignored step (#1590)

## Problem

`copy_dir_recursive_fallback()` uses `fs::create_dir_all()` to create
destination directories, which always uses default permissions (0755).
This means source directory permissions are lost during the copy-ignored
step.

For example, a directory with mode `0700` (used by tools like Postgres
for data directories) becomes `0755` in the new worktree, breaking
applications that require specific directory permissions.

## Solution

After creating the destination directory, copy the source directory's
permissions using `fs::set_permissions()` on Unix. This preserves the
original permission mode for all directories copied recursively.

## Testing

- Added `test_copy_ignored_preserves_directory_permissions` — creates a
directory with mode 0700, copies it via copy-ignored, and verifies the
destination has the same mode
- Updated `test_copy_ignored_error_includes_path_directory` — the source
directory now also has restricted permissions so that the
permission-preservation code maintains the error scenario
- All 37 copy-ignored tests pass

---
Closes #1589 — automated triage

---------

Co-authored-by: worktrunk-bot <254187624+worktrunk-bot@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

Author: worktrunk-bot

src/commands/step_commands.rs

@@ -907,6 +907,18 @@ fn copy_dir_recursive_fallback(src: &Path, dest: &Path, force: bool) -> anyhow::
         }
     }
 
+    // Preserve source directory permissions AFTER copying contents.
+    // Must be done after the loop — if the source lacks write permission (e.g., 0o555),
+    // setting it before copying would make the destination read-only and fail the copies.
+    #[cfg(unix)]
+    {
+        let src_perms = fs::metadata(src)
+            .with_context(|| format!("reading permissions for {}", src.display()))?
+            .permissions();
+        fs::set_permissions(dest, src_perms)
+            .with_context(|| format!("setting permissions on {}", dest.display()))?;
+    }
+
     Ok(())
 }
 

tests/integration_tests/step_copy_ignored.rs

@@ -1082,6 +1082,86 @@ fn test_copy_ignored_broken_symlink_in_dir_at_dest(mut repo: TestRepo) {
     );
 }
 
+/// Test that directory permissions are preserved during copy (GitHub issue #1589)
+///
+/// When copying gitignored directories, the destination directories should have the
+/// same permissions as the source directories. For example, a directory with mode 0700
+/// should not become 0755 in the destination.
+#[cfg(unix)]
+#[rstest]
+fn test_copy_ignored_preserves_directory_permissions(mut repo: TestRepo) {
+    use std::os::unix::fs::PermissionsExt;
+
+    let feature_path = repo.add_worktree("feature");
+
+    // Create a directory with restrictive permissions (0700)
+    let test_dir = repo.root_path().join("test");
+    fs::create_dir_all(&test_dir).unwrap();
+    fs::write(test_dir.join("file"), "content").unwrap();
+    fs::set_permissions(&test_dir, fs::Permissions::from_mode(0o700)).unwrap();
+
+    // Add to .gitignore
+    fs::write(repo.root_path().join(".gitignore"), "test\n").unwrap();
+
+    // Run copy-ignored
+    let output = repo
+        .wt_command()
+        .args(["step", "copy-ignored"])
+        .current_dir(&feature_path)
+        .output()
+        .unwrap();
+    assert!(
+        output.status.success(),
+        "copy-ignored should succeed: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+
+    // Verify directory was copied
+    let dest_dir = feature_path.join("test");
+    assert!(dest_dir.exists(), "test directory should be copied");
+    assert!(dest_dir.join("file").exists(), "test/file should be copied");
+
+    // Verify directory permissions are preserved (0700, not default 0755)
+    let dest_mode = fs::metadata(&dest_dir).unwrap().permissions().mode() & 0o777;
+    assert_eq!(
+        dest_mode, 0o700,
+        "Directory permissions should be preserved (expected 0700, got {dest_mode:04o})"
+    );
+
+    // Also verify read-only directories (0o555) are handled correctly.
+    // Permissions must be set AFTER copying contents, otherwise the destination
+    // becomes read-only before files are copied into it.
+    let readonly_dir = repo.root_path().join("readonly");
+    fs::create_dir_all(&readonly_dir).unwrap();
+    fs::write(readonly_dir.join("data"), "content").unwrap();
+    fs::set_permissions(&readonly_dir, fs::Permissions::from_mode(0o555)).unwrap();
+    fs::write(repo.root_path().join(".gitignore"), "test\nreadonly\n").unwrap();
+
+    let output = repo
+        .wt_command()
+        .args(["step", "copy-ignored"])
+        .current_dir(&feature_path)
+        .output()
+        .unwrap();
+    let dest_readonly = feature_path.join("readonly");
+    assert!(
+        output.status.success(),
+        "copy-ignored should handle read-only source dirs: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+    // Check permissions BEFORE restoring for cleanup
+    let dest_readonly_mode = fs::metadata(&dest_readonly).unwrap().permissions().mode() & 0o777;
+    // Restore for cleanup
+    fs::set_permissions(&readonly_dir, fs::Permissions::from_mode(0o755)).unwrap();
+    if dest_readonly.exists() {
+        fs::set_permissions(&dest_readonly, fs::Permissions::from_mode(0o755)).unwrap();
+    }
+    assert_eq!(
+        dest_readonly_mode, 0o555,
+        "Read-only directory permissions should be preserved (expected 0555, got {dest_readonly_mode:04o})"
+    );
+}
+
 /// Test that VCS metadata directories are excluded from copy-ignored (GitHub issue #1249)
 ///
 /// VCS metadata directories like `.jj` (Jujutsu), `.hg` (Mercurial) contain internal