fix(recipe): deep-copy validation config during merge

[kiwigitops]

Summary

• clone validation configs/phases when merging recipe metadata instead of assigning overlay pointers directly
• deep-copy validation slices and node-selection maps/slices
• add regression coverage for readiness, deployment, performance, and conformance phases

Closes #984.

Testing

• git diff --check

I could not run go test ./pkg/recipe locally because this Windows environment does not have go on PATH.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[github-actions]

Welcome to AICR, @kiwigitops! Thanks for your first pull request.

Before review, please ensure:

• All commits are signed off per the DCO
• CI checks pass (tests, lint, security scan)
• The PR description explains the why behind your changes

A maintainer will review this soon.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: e7b81e31-881f-4b18-97a3-3b3d3af85b7f

📥 Commits

Reviewing files that changed from the base of the PR and between f7bebf0 and 6ff1291.

📒 Files selected for processing (2)

• pkg/recipe/metadata.go
• pkg/recipe/metadata_test.go

---

📝 Walkthrough

Walkthrough

This PR fixes a cache corruption vulnerability in RecipeMetadataSpec.Merge by replacing pointer aliasing with deep-cloning of validation phase data. Three new helper functions (cloneValidationConfig, cloneValidationPhase, cloneNodeSelection) recursively copy all slices and maps to eliminate shared backing storage. The Merge method now invokes these helpers to clone validation phases from overlays instead of assigning pointers directly. A comprehensive test validates that mutations to merged validation data do not propagate back to the cached overlay.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• fix(recipe): deep-clone ValidationConfig phases in Merge to prevent cache corruption #984: Directly addresses the deep-cloning of ValidationConfig phases in Merge to prevent cache corruption — this PR implements the exact fix proposed in that issue.
• Library-readiness hardening for in-process Go consumers #983: Parent issue that documents the broader validation/caching isolation work; this PR resolves the standalone child issue for preventing slice/map/pointer aliasing in overlay merges.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(recipe): deep-copy validation config during merge' accurately and concisely describes the main change of deep-cloning validation configurations in the Merge method to prevent aliasing issues.
Description check	✅ Passed	The description is related to the changeset, covering the core fix (cloning validation configs during merge), deep-copying validation slices and node-selection maps, and test coverage additions for all four phases.
Linked Issues check	✅ Passed	The PR implements all coding requirements from issue #984: deep-clones validation phases with three helper functions (cloneValidationConfig, cloneValidationPhase, cloneNodeSelection), updates Merge for all four phases, adds table-driven regression tests covering mutations of Constraints/Checks/NodeSelection across all phases, and includes no direct aliasing patterns.
Out of Scope Changes check	✅ Passed	All changes directly address the linked issue #984 objectives: cloning validation structures during merge, providing the three required private helper functions, updating the four phase branches, and adding regression test coverage. No out-of-scope modifications are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}