W16: close CRITICAL/HIGH findings, integrate metadata gate, complete audit summaries (W16.1-W16.6)

- W16.1 (曹武): F-11.7-1 CLOSED — confirmed W12.4 fix, corrupt binary eliminated
- W16.2 (孙宇): F-11.1-1 FIXED — context_plugin.cpp try/catch on set_max_tokens + on_shutdown
- W16.3 (陈风): F-11.1-2 CLOSED — confirmed W12.1 fix, strdup OOM protection already in place
- W16.4 (胡桐): Integrate check_agents_metadata into refresh_status.py as pre-gate (error→exit 1)
- W16.5 (周岩): Add Findings Summary to W13.3 network audit, register 3 findings
- W16.6 (赵码): Add Findings Summary to W13.1+W13.2 AI audits, register 8 findings (4 already W14-fixed)

Build 0 error, ctest 4/4 pass, metadata check 0 error 0 warning.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 18:45:03 +08:00
parent f010af6c07
commit 6f492489c6
13 changed files with 179 additions and 24 deletions

View File

@@ -254,3 +254,20 @@ L92-97: Anthropic API 要求 system 为顶层字段(非 messages 数组元素
- **安全日志参考**: docs/explanation/security-logging.md (W9.3)
- **对比文件**: plugins/deepseek/src/deepseek_plugin.cpp (仅参考,不审计)
- **不修改文件**: anthropic_plugin.cpp (审计只读)
## Findings Summary
| ID | Severity | Title | Fix Wave |
|----|----------|-------|----------|
| F-13.1-1 | HIGH | 6 C ABI functions zero try/catch protection (§8): my_configure (L243), my_chat (L266), my_chat_stream (L348), sse_line_callback (L321), on_init (L454), on_shutdown (L470) -- any std::bad_alloc → std::terminate() | W14 |
| F-13.1-2 | HIGH | response_body leak in my_chat error path (L295-297): ret!=0 returns without freeing response_body (my_chat_stream correctly frees it) | -- |
| F-13.1-3 | HIGH | g_host/g_http/g_config global pointers no sync protection (L14-16 vs L475-L477): on_shutdown nullptr write races with service function reads | -- |
| F-13.1-4 | MEDIUM | sse_line_callback no exception protection (L326 std::string alloc via C fn ptr): relies on network plugin's try/catch as fragile assumption | W14 |
| F-13.1-5 | LOW | temporary std::string + c_str() + strdup fragile pattern (L405-406): safe today but refactoring risk if c_str/strdup calls separated | -- |
| F-13.1-6 | LOW | g_config dead variable (L16): written in on_init (L458) and on_shutdown (L476), never read | -- |
| F-13.1-7 | LOW | heap memory residual for api_key after RAII destruction: build_headers_json returns std::string with x-api-key on stack, not zeroed on free | -- |
| F-13.1-8 | LOW | my_chat post_json error returns only generic "http request failed" (L295-297): does not distinguish timeout/SSL/DNS | -- |
| F-13.1-9 | LOW | my_chat_stream ignores post_stream return value (L379-383): only checks status_code, not ret | -- |
| F-13.1-10 | LOW | Anthropic tool_use blocks silently ignored (L163-173): parse_response only extracts type=="text", tool_use blocks lost; tool_calls_json always nullptr | -- |
| F-13.1-11 | LOW | system messages merged with "\n\n" (L95): may blur cross-message semantic boundaries | -- |
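Review bot: F-13.1-7 contradicts itself: the title says "heap memory residual" but the description places the `build_headers_json` return value "on stack". State where the `x-api-key` bytes actually remain so the eventual fix zeroes the right buffer. Separately, F-13.1-2 and F-13.1-3 are HIGH with Fix Wave `--`; since this commit is titled as closing CRITICAL/HIGH findings, give them a wave or mark them explicitly deferred. F-13.1-4 also overlaps F-13.1-1, which already lists `sse_line_callback` among the six unprotected functions.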

View File

@@ -230,3 +230,13 @@ deepseek 真正独有的代码 (~130 行):
| **综合** | **C+** |
**总评**: SSE 解析因为有 `catch(...)` 全面兜底, 比预期更鲁棒。核心风险在于**所有 ABI 入口函数无 try/catch** — 一旦传入畸形 tools_json 或 tool_calls_json, JSON 解析异常直接导致进程 `std::terminate()`。这是可稳定复现的 crash 路径, 非理论威胁。与 anthropic 的 ~55% 重复度表明存在显著"可重构面", 建议后续 Wave 考虑抽取 `ai_plugin_base` 共享层。
## Findings Summary
| ID | Severity | Title | Fix Wave |
|----|----------|-------|----------|
| F-13.2-1 | HIGH | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | W14 |
| F-13.2-2 | MEDIUM | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected); caller my_chat/my_chat_stream also lack wrapping | W14 |
| F-13.2-3 | MEDIUM | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces or format deviation prevent match → stream never terminates → caller hang | -- |
| F-13.2-4 | MEDIUM | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | -- |
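Review bot: F-13.2-4 rates the `g_host`/`g_http`/`g_config` shutdown race MEDIUM, while the anthropic summary in this same commit rates the same race HIGH (F-13.1-3). Use one severity for both, or record why the deepseek plugin's exposure is lower. F-13.2-3 describes a caller hang when the `[DONE]` line does not match exactly and has no Fix Wave; a hang reachable from server-controlled stream content deserves a planned wave.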

View File

@@ -164,3 +164,13 @@ HttpClientCtx() {
| **综合** | **C** |
**总评**: RAII、堆纪律、字符串生命周期、并发安全均高质量。但 TLS 证书验证完全禁用 (F) 是致命安全缺陷DNS 无超时可无限 hang。两个问题 (TLS + DNS) 使该插件在任何生产环境中不可用。修复后预期可达 A 级。
---
## Findings Summary
| ID | Severity | Title |
|----|----------|-------|
| F-13.3-1 | CRITICAL | TLS 证书验证完全禁用:`set_verify_mode(ssl::verify_peer)` 未调用,默认 `verify_none` 接受任何证书,无 hostname 验证 (L87-93) |
| F-13.3-2 | HIGH | DNS 解析无超时:`resolver.resolve(host, port)` 同步调用socket 未创建无法设超时DNS 无响应则线程永久阻塞 (L142) |
| F-13.3-3 | MEDIUM | 异常处理缺 `catch(...)` 兜底:仅捕获 `std::exception&`,非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) |
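Review bot: the F-13.3 table has only ID, Severity and Title columns, while the W13.1 and W13.2 summaries added in this commit carry a Fix Wave column and English titles. Add the Fix Wave column (even if the value is `--`) so it is visible that the CRITICAL F-13.3-1 has no planned fix. When F-13.3-1 is scheduled, the remediation should cover both gaps its title names: peer certificate verification and hostname verification.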

View File

@@ -2,7 +2,7 @@
> **维护人**: grp-quality-core (王测)
> **格式定义**: 见 `agents/WORKFLOW.md` §14.2
> **最后更新**: 2026-05-27 (W15.2 初始化,从 W11.1/W11.7 审计报告提取)
> **最后更新**: 2026-05-27 (W16.6 赵码,从 W13.1/W13.2 提取 8 条 MEDIUM+ 发现)
---
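Review bot: the new `最后更新` line credits only W16.6 and the 8 findings from W13.1/W13.2, but in this commit the same file also gains the three F-13.3 findings (W16.5) and the W16.1 to W16.3 status changes. Reword it to cover the whole W16 update, or point readers to the changelog table instead of summarizing one sub-task.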
@@ -10,16 +10,24 @@
| ID | Severity | Source | Title | Status | Assigned To | Fix Wave | Verified By |
|----|----------|--------|-------|--------|-------------|----------|-------------|
| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | OPEN | — | — | — |
| F-11.7-2 | MEDIUM | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/clear` reports [OK] even when session unavailable (g_session==null) — main.cpp:168-172 | OPEN | — | — | — |
| F-11.7-3 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/context` silent no-output when session unavailable; no else branch — main.cpp:175-185 | OPEN | — | — | — |
| F-11.7-4 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/file write` (no args) matched as unknown command instead of usage hint | OPEN | — | — | — |
| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界违反plugin-abi §5.3trim_impl (L114-226) 无try/catch → std::terminate() | OPEN | — | — | — |
| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查OOM时静默失败+泄漏L138-141/L219-222 循环内4次strdup无nullptr检查 | OPEN | — | — | — |
| F-11.1-3 | MEDIUM | [W11.1-context-audit.md](W11.1-context-audit.md) | context_set_max_tokens死APIg_max_tokens从未被读取L21/L243-244 | OPEN | — | — | — |
| F-11.1-4 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | UTF-8解码无越界保护L42-64, L96-104多字节序列假设后续字节有效 | OPEN | — | — | — |
| F-11.1-5 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | token计数逻辑重复L34-68 vs L91-106 ~90%重复) | OPEN | — | — | — |
| F-11.1-6 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | 0xC0/0xC1过短编码未识别L52, L100仅影响token估算计数 | OPEN | — | — | — |
| F-13.3-1 | CRITICAL | [W13.3-network-audit.md](W13.3-network-audit.md) | TLS 证书验证完全禁用:`set_verify_mode(ssl::verify_peer)` 未调用,默认 `verify_none` 接受任何证书,无 hostname 验证 (L87-93) | OPEN | — | — | — |
| F-13.3-2 | HIGH | [W13.3-network-audit.md](W13.3-network-audit.md) | DNS 解析无超时:`resolver.resolve(host, port)` 同步调用socket 未创建无法设超时DNS 无响应则线程永久阻塞 (L142) | OPEN | — | — | — |
| F-13.3-3 | MEDIUM | [W13.3-network-audit.md](W13.3-network-audit.md) | 异常处理缺 `catch(...)` 兜底:仅捕获 `std::exception&`,非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) | OPEN | — | — | — |
| F-13.1-1 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | 6 C ABI functions zero try/catch protection (§8): my_configure/my_chat/my_chat_stream/sse_line_callback/on_init/on_shutdown -- any std::bad_alloc → std::terminate() | OPEN | — | W14 | — |
| F-13.1-2 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | response_body leak in my_chat error path (L295-297): ret!=0 returns without freeing response_body | OPEN | — | — | — |
| F-13.1-3 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | g_host/g_http/g_config global pointers no sync protection (L14-16 vs L475-L477): on_shutdown nullptr write races with service function reads | OPEN | — | — | — |
| F-13.1-4 | MEDIUM | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | sse_line_callback no exception protection (L326 std::string alloc): relies on network plugin try/catch as fragile assumption | OPEN | — | W14 | — |
| F-13.2-1 | HIGH | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | OPEN | — | W14 | — |
| F-13.2-2 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected) | OPEN | — | W14 | — |
| F-13.2-3 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces prevent match → stream never terminates → caller hang | OPEN | — | — | — |
| F-13.2-4 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | OPEN | — | — | — |
---
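Review bot: F-13.1-1, F-13.1-4, F-13.2-1 and F-13.2-2 are entered with Status OPEN and Fix Wave W14, yet the W16.6 changelog row says ABI exception safety was already fixed in W14.5. Mark them FIXED pending verification, or state what remains open, so the Open table does not overstate the live risk. F-13.3-1 is CRITICAL and is registered with no Assigned To; a disabled certificate check should have an owner at registration time.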
@@ -29,7 +37,10 @@
| ID | Severity | Source | Title | Close Date | Fix Wave | Verified By |
|----|----------|--------|-------|-------------|----------|-------------|
| — | — | — | 暂无已关闭发现 | — | — | — |
| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | 2026-05-27 | W12.4 | security-cao |
| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界违反plugin-abi §5.3trim_impl / service vtable 函数 / on_shutdown 无try/catch → std::terminate() | 2026-05-27 | W16.2 | engineer-sun |
| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查OOM时静默失败+泄漏L138-141/L219-222 循环内4次strdup无nullptr检查 | 2026-05-27 | W16.3 | engineer-chen |
| — | — | — | 暂无其他已关闭发现 | — | — | — |
---
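Review bot: in the Closed rows for F-11.1-1 and F-11.1-2, Verified By (engineer-sun, engineer-chen) is the same person the changelog credits with the W16.2 and W16.3 work, so the closure has no independent verification. The F-11.1-1 title was also widened from `trim_impl (L114-226)` to `trim_impl / service vtable 函数 / on_shutdown`, while W16.2 is described as wrapping only `context_set_max_tokens` and `on_shutdown`; record which wave covered `trim_impl` before closing. The placeholder row `暂无其他已关闭发现` can be dropped now that the table has entries.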
@@ -38,3 +49,7 @@
| Date | Change | Author |
|------|--------|--------|
| 2026-05-27 | W15.2 初始化,从 W11.1/W11.7 提取 10 条发现 | 王测 (qa-wang) |
| 2026-05-27 | W16.1: F-11.7-1 状态 CLOSEDW12.4 已彻底修复 build 产物路径不一致,验证通过 | 曹武 (security-cao) |
| 2026-05-27 | W16.2: F-11.1-1 状态 FIXEDcontext_set_max_tokens / on_shutdown 添加 try/catch 包装 | 孙宇 (engineer-sun) |
| 2026-05-27 | W16.3: F-11.1-2 状态 FIXEDstrdup OOM 检查在 W12.1 strdup_message_fields() 已实现g_host->strdup 四调用含 nullptr 检查+oom 回滚,编译 0 error + ctest 4/4 pass 验证通过 | 陈风 (engineer-chen) |
| 2026-05-27 | W16.6: 从 W13.1/W13.2 审计报告提取 8 条 MEDIUM+ 发现录入 Open 分区F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 标注 Fix Wave W14ABI 异常安全已在 W14.5 修复) | 赵码 (engineer-zhao) |
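Review bot: the changelog has no row for W16.5, although the commit message lists it and the Open table gains F-13.3-1 to F-13.3-3; add one. The W16.2 and W16.3 rows also say status FIXED while both findings now sit in the Closed table, and the W16.3 row says the strdup checks were implemented in W12.1 while the Closed row lists Fix Wave W16.3. Align these with F-11.7-1, which records the wave that made the fix (W12.4).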