[audit] deps: clone chain drops ctx — cp -R fallback is uncancellable

[lugassawan]

Audit findings — deps

Scope: reliability · Severity range: Medium–Medium
Source: codebase audit

reliability

Severity	File:Line	Symptom	Suggested fix
Medium	internal/deps/clone.go:169	cowCopyCmd and cp -R fallback use exec.Command (not exec.CommandContext); large copies can't be interrupted.	Thread existing ctx through the clone chain; switch to exec.CommandContext + configureProcessGroup(cmd) (matching the pattern used by deps/hooks.go:30 and manager.go:207).

Root cause: Clone chain (cloneAndPost → CloneModule → CloneDir → cowCopy) drops the ctx one frame below cloneAndPost (which has a usable ctx). Sibling functions deps/hooks.go:30 and manager.go:207 correctly use exec.CommandContext.

Reasoning chain: 1. clone.go:25-29,169 build commands via exec.Command (no ctx). 2. CloneDir/cowCopy signatures take no ctx. 3. SIGINT during a multi-GB cp -R fallback is queued but the copy runs to completion, orphaning the process group.

Counter-evidence considered: CoW --reflink is near-instant, but the fallback cp -R (non-CoW filesystems / CoW failure) is a full byte copy — exactly when copies are slow and cancellation matters. "CoW is fast" does not cover the failure path.

---

Provenance

Filed by workflow-audit-emit-issues from an in-session codebase audit.
Re-running re-files — check for duplicates before confirming.