W19: plugin_loader hardening — ABI try/catch, path validation, atomic IDs, CLI exit codes (W19.1-W19.5)

Fixes: F-18.3-1 through F-18.3-5 (all CLOSED, findings registry at zero)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

agents/engineer-chen/profile.md

@@ -67,5 +67,18 @@ performance_log:
       - "跨 DLL 堆: 全部使用 g_host->strdup (符合 plugin-abi.md §3)，无 std::strdup"
       - "编译: cmake --build build --config Release → 0 error"
       - "测试: ctest → 4/4 pass (smoke + host-api + event-bus + service-registry)"
+  - date: 2026-05-27
+    event: "W19.2 - 修复 plugin_loader 4 条 MEDIUM 发现 (F-18.3-2/3/4/5)"
+    rating: success
+    details:
+      - "F-18.3-2: load_plugin 5 失败点全静默 → 添加 host_api_->log 错误日志，LoadLibrary/GetProcAddress 调用 GetLastError()，dlopen/dlsym 调用 dlerror() 获取诊断信息"
+      - "F-18.3-3: dstalk_plugin_load 路径零验证 → 添加 fs::absolute + lexically_normal 路径规范化、扩展名白名单(.dll/.so/.dylib 大小写不敏感)、目录约束(plugins/ 子目录)、.. 目录遍历拒绝"
+      - "F-18.3-4: initialize_all fprintf(stderr) → 改为 host_api->log() (已在 W18 前置修复，本波移除残余 cstdio include)"
+      - "F-18.3-5: next_id_++ 非原子 → 改为 std::atomic<int> next_id_{1}，header 添加 #include <atomic>"
+      - "plugin_loader.hpp: 添加 #include <atomic>, std::atomic<int> next_id_, host_api_ 成员"
+      - "plugin_loader.cpp: 添加 #include <filesystem>/<cctype>, 命名空间 fs=std::filesystem, 移除 #include <cstdio>"
+      - "编译: cmake --build build --config Release → 0 error"
+      - "测试: ctest → 5/5 pass (smoke + host-api + event-bus + service-registry + context)"
+      - "协作: 与刘静 (qa-liu) 配对实施 + 验证"
 current_groups: []
 ---