Context
/search-issue audited the foundation di package for bug-finding and refactoring candidates.
Audit Purpose
Findings
P1
packages/di/src/container.ts:392-400,452-463,854-863: disposing a non-root request scope does not recursively dispose nested request scopes, leaving cached disposable instances alive until root disposal.packages/di/src/container.ts:38-45,355-363: inspectResolutionState() exposes live mutable Map references for registrations/cache, allowing external mutation of internal container state.packages/di/README.md:80-82, packages/di/src/container.test.ts:519-543,645-667,1069-1070,1654-1788: override descendant invalidation/stale instance disposal contract lacks targeted tests.
P2
packages/di/README.md:94-95, packages/di/src/container.test.ts:800-838: provide: null and zero-strategy provider validation edge cases lack direct tests.
R&D Brief
none
Contract Impact
- Behavior-change risk for request-scope cleanup.
- Ownership boundary hardening for introspection state.
- Test-only gaps for documented override/provider validation contracts.
Suggested Resolution
- Recursively dispose child request scopes from each request scope owner.
- Return defensive copies/read-only state from
inspectResolutionState().
- Add descendant override invalidation and provider validation edge tests.
Affected Packages
Affected Surfaces
- package source/test: required (
packages/di/src/container.ts, packages/di/src/container.test.ts)
- package README: needs-check (
packages/di/README.md, packages/di/README.ko.md)
- docs: needs-check (
docs/contracts/behavioral-contract-policy.md, docs/contracts/testing-guide.md)
- book: not-required
- examples: not-required
- changeset: needs-check because cleanup/introspection behavior affects public package semantics.
Why Now
DI owns lifecycle and provider resolution for all fluo packages; stale request scopes or mutable introspection state can corrupt higher-level runtime behavior.
Context
/search-issueaudited the foundationdipackage for bug-finding and refactoring candidates.Audit Purpose
Findings
P1
packages/di/src/container.ts:392-400,452-463,854-863: disposing a non-root request scope does not recursively dispose nested request scopes, leaving cached disposable instances alive until root disposal.packages/di/src/container.ts:38-45,355-363:inspectResolutionState()exposes live mutableMapreferences for registrations/cache, allowing external mutation of internal container state.packages/di/README.md:80-82,packages/di/src/container.test.ts:519-543,645-667,1069-1070,1654-1788: override descendant invalidation/stale instance disposal contract lacks targeted tests.P2
packages/di/README.md:94-95,packages/di/src/container.test.ts:800-838:provide: nulland zero-strategy provider validation edge cases lack direct tests.R&D Brief
none
Contract Impact
Suggested Resolution
inspectResolutionState().Affected Packages
diAffected Surfaces
packages/di/src/container.ts,packages/di/src/container.test.ts)packages/di/README.md,packages/di/README.ko.md)docs/contracts/behavioral-contract-policy.md,docs/contracts/testing-guide.md)Why Now
DI owns lifecycle and provider resolution for all fluo packages; stale request scopes or mutable introspection state can corrupt higher-level runtime behavior.