CRITICAL: Shallow copy in wouldCreateCycle() corrupts dependency graph #28
Description
Problem
wouldCreateCycle() in src/core/dependency-graph.ts:218 performs a shallow copy of the graph Map, causing mutations to corrupt the original graph.
Root Cause
// Line 218 - SHALLOW COPY
const tempGraph = new Map(this.graph);
// Line 224 - MUTATES ORIGINAL SET!
tempGraph.get(taskIdStr)!.add(dependsOnStr);The Map is copied, but the Set values are references to the original Sets. When we add to the temp graph's Set, we're actually mutating the original graph's Set.
Impact
- Severity: CRITICAL
- Production Risk: HIGH - Can cause graph corruption during cycle checks
- Scope: All cycle detection operations
- Data Corruption: Proposed edges are permanently added to graph even if cycle is detected
Reproduction
const graph = new DependencyGraph([]);
graph.addEdge('A', 'B');
// Check if B -> A would create cycle (it would)
const result = graph.wouldCreateCycle('B', 'A');
// BUG: The original graph now has B -> A edge even though we only checked!
// The graph is now corrupted with a cycle that was never supposed to be addedFix
Deep copy both Map and Sets:
const tempGraph = new Map(
Array.from(this.graph.entries()).map(([k, v]) => [k, new Set(v)])
);Discovered By
Code review audit - Performance analysis (audit-performance agent)
Files Affected
src/core/dependency-graph.ts:218- All cycle detection code paths
Priority
CRITICAL - Fix immediately. This is a data corruption bug that affects core functionality.