W16: close CRITICAL/HIGH findings, integrate metadata gate, complete audit summaries (W16.1-W16.6)

- W16.1 (曹武): F-11.7-1 CLOSED — confirmed W12.4 fix, corrupt binary eliminated
- W16.2 (孙宇): F-11.1-1 FIXED — context_plugin.cpp try/catch on set_max_tokens + on_shutdown
- W16.3 (陈风): F-11.1-2 CLOSED — confirmed W12.1 fix, strdup OOM protection already in place
- W16.4 (胡桐): Integrate check_agents_metadata into refresh_status.py as pre-gate (error→exit 1)
- W16.5 (周岩): Add Findings Summary to W13.3 network audit, register 3 findings
- W16.6 (赵码): Add Findings Summary to W13.1+W13.2 AI audits, register 8 findings (4 already W14-fixed)

Build 0 error, ctest 4/4 pass, metadata check 0 error 0 warning.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

agents/STATUS.md

@@ -7,22 +7,22 @@
 
 | Agent ID | 姓名 | 角色 | 最近一次贡献 | perf_log | 当前小组 | 状态 |
 |---|---|---|---|---|---|---|
-| architect-huang | 黄岭 | 架构师 | W11.1 审计 context_plugin.cpp (289行，零Wave覆盖) | 2 | -- | idle |
+| architect-huang | 黄岭 | 架构师 | W13.4 深度审计 lsp_plugin.cpp (749行) | 3 | -- | idle |
-| architect-lin | 林深 | 架构师 | W9.4 撰写 docs/reference/plugin-abi.md Plugin ABI 契约文档（200行） | 6 | grp-ai-plugins, grp-quality-core | idle |
+| architect-lin | 林深 | 架构师 | W14.4 诊断 W12.2 双 store 整合未生效根因——测试加载了 build/tests/plugins/ 下 pre-W12.2 的旧 DLL | 8 | grp-ai-plugins, grp-quality-core | idle |
-| architect-yang | 杨帆 | 架构师 | W10.1 设计协作状态机 + 验收清单 + 失败回退协议，追加 WORKFLOW.md §11–§13 | 2 | -- | idle |
+| architect-yang | 杨帆 | 架构师 | W15.7 根据 W15.4 审查发现修复 WORKFLOW.md 3 处交叉引用 | 6 | -- | idle |
 | designer-zhu | 朱晴 | UX/CLI 设计师 | W10.3 创建 agents/PROMPT_TEMPLATE.md 子代理 prompt 模板（约 170 行） | 2 | grp-cli-ux | idle |
-| devops-hu | 胡桐 | DevOps 工程师 | 落地 4 项 CMake 改进 (审查报告 C1-C4) | 2 | grp-build-matrix | idle |
+| devops-hu | 胡桐 | DevOps 工程师 | W15.3 设计 agents/ 目录元数据自检机制 (scripts/check_agents_metadata.py) | 6 | grp-build-matrix | idle |
 | devops-ma | 马奔 | DevOps 工程师 | 落地 CI pipeline (GitHub Actions) | 2 | grp-build-matrix | idle |
-| engineer-chen | 陈风 | 工程师 | W11.2 审计 config_plugin / ConfigStore 职责划分与跨 DLL 堆合规 | 3 | -- | idle |
+| engineer-chen | 陈风 | 工程师 | W11.2 审计 config_plugin / ConfigStore 职责划分与跨 DLL 堆合规 | 4 | -- | idle |
-| engineer-li | 李明 | 工程师 | W11.6 编写 scripts/refresh_status.py 自动扫描 agents/*/profile.md 重新生成 agents/STA... | 3 | -- | idle |
+| engineer-li | 李明 | 工程师 | W12.5 使用 scripts/refresh_status.py 重新生成 agents/STATUS.md (46行) | 4 | -- | idle |
-| engineer-sun | 孙宇 | 工程师 | W6.1 修复 LSP reader_loop 协议合规 bug（Content-Length 状态机解析） | 2 | -- | idle |
+| engineer-sun | 孙宇 | 工程师 | W14.2 修复 lsp_plugin.cpp 致命死锁 (W13.4 审计发现) + vtable 异常包装 | 4 | -- | idle |
 | engineer-zhao | 赵码 | 工程师 | W9.6 CLI新增/history[N]命令，含三种边界处理；/status增加history count | 6 | grp-ai-plugins, grp-cli-ux | idle |
-| engineer-zhou | 周岩 | 工程师 | W5.1 network_plugin SSE 改 buffer_body | 2 | -- | idle |
+| engineer-zhou | 周岩 | 工程师 | W16.5 W13.3 网络审计报告补充 Findings Summary | 5 | -- | idle |
 | qa-liu | 刘静 | 质量工程师 | W11.3 event_bus 单元测试 (6 cases, tests/event_bus_test.cpp) + service_registry... | 3 | grp-security-audit | idle |
-| qa-wang | 王测 | 质量工程师 | W7 smoke test 插件加载修复 | 5 | grp-cli-ux, grp-quality-core | idle |
+| qa-wang | 王测 | 质量工程师 | W15.8 根据 W15.5 审查发现修复 §14 内部问题 + PROMPT_TEMPLATE 缺失标注 | 9 | grp-cli-ux, grp-quality-core | idle |
-| qa-xu | 徐磊 | 质量工程师 | W11.7 破坏性输入测试：build/dstalk-cli/dstalk-cli.exe (commit 004a81d) 10 场景全 PASS 零崩溃 | 4 | grp-security-audit | idle |
+| qa-xu | 徐磊 | 质量工程师 | W13.6 扩展 tests/smoke_test.cpp (430→623 行, +193): 新增 4 个回归保护 case — R1 conte... | 5 | grp-security-audit | idle |
-| security-cao | 曹武 | 安全工程师 | W9.3 错误日志凭证泄露审计（8文件，0真实漏洞） | 3 | grp-security-audit | idle |
+| security-cao | 曹武 | 安全工程师 | W14.3 修复 W13.5 审计发现 — 路径遍历 + 全局状态加锁 + 9 vtable try/catch | 5 | grp-security-audit | idle |
-| writer-deng | 邓书 | 技术作家 | Diátaxis 第二刀: 补充 Explanation 类文档 — architecture.md (插件架构哲学/三层模型/C ABI... | 2 | -- | idle |
+| writer-deng | 邓书 | 技术作家 | W12.6 ABI 文档缺口填补: plugin-abi.md 追加 §8 异常安全(涵盖 service vtable 函数 | 3 | -- | idle |
 
 > **状态判定规则**: 基于 `performance_log` 最后一条的 `rating`——`ongoing` 视为 `working`，其余 (`A/A+/B/completed/done/success/good`) 视为 `idle`。
 
@@ -40,7 +40,7 @@
 
 ## Wave 进度
 
-**已完成高水位**: W11.7（基于 16 份 profile.md 的 performance_log 聚合）
+**已完成高水位**: W16.5（基于 16 份 profile.md 的 performance_log 聚合）
 
-**已发现 Wave 编号**: W1.1, W2.1, W2.2, W5.1, W6.1, W7, W9.3, W9.4, W9.6, W9.10, W10.1, W10.2, W10.3, W10.4, W11.1, W11.2, W11.3, W11.6, W11.7
+**已发现 Wave 编号**: W1.1, W2.1, W2.2, W5.1, W6.1, W7, W9.3, W9.4, W9.6, W9.10, W10.1, W10.2, W10.3, W10.4, W11, W11.1, W11.2, W11.3, W11.6, W11.7, W12, W12.1, W12.2, W12.4, W12.5, W12.6, W13.1, W13.2, W13.3, W13.4, W13.5, W13.6, W14.1, W14.2, W14.3, W14.4, W14.5, W15.1, W15.2, W15.3, W15.4, W15.5, W15.6, W15.7, W15.8, W15.9, W16.5
 

agents/audits/W13.1-anthropic-audit.md

@@ -254,3 +254,20 @@ L92-97: Anthropic API 要求 system 为顶层字段（非 messages 数组元素
 - **安全日志参考**: docs/explanation/security-logging.md (W9.3)
 - **对比文件**: plugins/deepseek/src/deepseek_plugin.cpp (仅参考，不审计)
 - **不修改文件**: anthropic_plugin.cpp (审计只读)
+
+
+## Findings Summary
+
+| ID | Severity | Title | Fix Wave |
+|----|----------|-------|----------|
+| F-13.1-1 | HIGH | 6 C ABI functions zero try/catch protection (§8): my_configure (L243), my_chat (L266), my_chat_stream (L348), sse_line_callback (L321), on_init (L454), on_shutdown (L470) -- any std::bad_alloc → std::terminate() | W14 |
+| F-13.1-2 | HIGH | response_body leak in my_chat error path (L295-297): ret!=0 returns without freeing response_body (my_chat_stream correctly frees it) | -- |
+| F-13.1-3 | HIGH | g_host/g_http/g_config global pointers no sync protection (L14-16 vs L475-L477): on_shutdown nullptr write races with service function reads | -- |
+| F-13.1-4 | MEDIUM | sse_line_callback no exception protection (L326 std::string alloc via C fn ptr): relies on network plugin's try/catch as fragile assumption | W14 |
+| F-13.1-5 | LOW | temporary std::string + c_str() + strdup fragile pattern (L405-406): safe today but refactoring risk if c_str/strdup calls separated | -- |
+| F-13.1-6 | LOW | g_config dead variable (L16): written in on_init (L458) and on_shutdown (L476), never read | -- |
+| F-13.1-7 | LOW | heap memory residual for api_key after RAII destruction: build_headers_json returns std::string with x-api-key on stack, not zeroed on free | -- |
+| F-13.1-8 | LOW | my_chat post_json error returns only generic "http request failed" (L295-297): does not distinguish timeout/SSL/DNS | -- |
+| F-13.1-9 | LOW | my_chat_stream ignores post_stream return value (L379-383): only checks status_code, not ret | -- |
+| F-13.1-10 | LOW | Anthropic tool_use blocks silently ignored (L163-173): parse_response only extracts type=="text", tool_use blocks lost; tool_calls_json always nullptr | -- |
+| F-13.1-11 | LOW | system messages merged with "\n\n" (L95): may blur cross-message semantic boundaries | -- |

agents/audits/W13.2-deepseek-audit.md

@@ -230,3 +230,13 @@ deepseek 真正独有的代码 (~130 行):
 | **综合** | **C+** |
 
 **总评**: SSE 解析因为有 `catch(...)` 全面兜底, 比预期更鲁棒。核心风险在于**所有 ABI 入口函数无 try/catch** — 一旦传入畸形 tools_json 或 tool_calls_json, JSON 解析异常直接导致进程 `std::terminate()`。这是可稳定复现的 crash 路径, 非理论威胁。与 anthropic 的 ~55% 重复度表明存在显著"可重构面", 建议后续 Wave 考虑抽取 `ai_plugin_base` 共享层。
+
+
+## Findings Summary
+
+| ID | Severity | Title | Fix Wave |
+|----|----------|-------|----------|
+| F-13.2-1 | HIGH | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | W14 |
+| F-13.2-2 | MEDIUM | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected); caller my_chat/my_chat_stream also lack wrapping | W14 |
+| F-13.2-3 | MEDIUM | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces or format deviation prevent match → stream never terminates → caller hang | -- |
+| F-13.2-4 | MEDIUM | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | -- |

agents/audits/W13.3-network-audit.md

@@ -164,3 +164,13 @@ HttpClientCtx() {
 | **综合** | **C** |
 
 **总评**: RAII、堆纪律、字符串生命周期、并发安全均高质量。但 TLS 证书验证完全禁用 (F) 是致命安全缺陷，DNS 无超时可无限 hang。两个问题 (TLS + DNS) 使该插件在任何生产环境中不可用。修复后预期可达 A 级。
+
+---
+
+## Findings Summary
+
+| ID | Severity | Title |
+|----|----------|-------|
+| F-13.3-1 | CRITICAL | TLS 证书验证完全禁用：`set_verify_mode(ssl::verify_peer)` 未调用，默认 `verify_none` 接受任何证书，无 hostname 验证 (L87-93) |
+| F-13.3-2 | HIGH | DNS 解析无超时：`resolver.resolve(host, port)` 同步调用，socket 未创建无法设超时，DNS 无响应则线程永久阻塞 (L142) |
+| F-13.3-3 | MEDIUM | 异常处理缺 `catch(...)` 兜底：仅捕获 `std::exception&`，非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) |

agents/audits/findings-registry.md

@@ -2,7 +2,7 @@
 
 > **维护人**: grp-quality-core (王测)
 > **格式定义**: 见 `agents/WORKFLOW.md` §14.2
-> **最后更新**: 2026-05-27 (W15.2 初始化，从 W11.1/W11.7 审计报告提取)
+> **最后更新**: 2026-05-27 (W16.6 赵码，从 W13.1/W13.2 提取 8 条 MEDIUM+ 发现)
 
 ---
 
@@ -10,16 +10,24 @@
 
 | ID | Severity | Source | Title | Status | Assigned To | Fix Wave | Verified By |
 |----|----------|--------|-------|--------|-------------|----------|-------------|
-| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | OPEN | — | — | — |
 | F-11.7-2 | MEDIUM | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/clear` reports [OK] even when session unavailable (g_session==null) — main.cpp:168-172 | OPEN | — | — | — |
 | F-11.7-3 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/context` silent no-output when session unavailable; no else branch — main.cpp:175-185 | OPEN | — | — | — |
 | F-11.7-4 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/file write` (no args) matched as unknown command instead of usage hint | OPEN | — | — | — |
-| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界，违反plugin-abi §5.3；trim_impl (L114-226) 无try/catch → std::terminate() | OPEN | — | — | — |
-| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查，OOM时静默失败+泄漏；L138-141/L219-222 循环内4次strdup无nullptr检查 | OPEN | — | — | — |
 | F-11.1-3 | MEDIUM | [W11.1-context-audit.md](W11.1-context-audit.md) | context_set_max_tokens死API，g_max_tokens从未被读取（L21/L243-244） | OPEN | — | — | — |
 | F-11.1-4 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | UTF-8解码无越界保护（L42-64, L96-104），多字节序列假设后续字节有效 | OPEN | — | — | — |
 | F-11.1-5 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | token计数逻辑重复（L34-68 vs L91-106 ~90%重复） | OPEN | — | — | — |
 | F-11.1-6 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | 0xC0/0xC1过短编码未识别（L52, L100），仅影响token估算计数 | OPEN | — | — | — |
+| F-13.3-1 | CRITICAL | [W13.3-network-audit.md](W13.3-network-audit.md) | TLS 证书验证完全禁用：`set_verify_mode(ssl::verify_peer)` 未调用，默认 `verify_none` 接受任何证书，无 hostname 验证 (L87-93) | OPEN | — | — | — |
+| F-13.3-2 | HIGH | [W13.3-network-audit.md](W13.3-network-audit.md) | DNS 解析无超时：`resolver.resolve(host, port)` 同步调用，socket 未创建无法设超时，DNS 无响应则线程永久阻塞 (L142) | OPEN | — | — | — |
+| F-13.3-3 | MEDIUM | [W13.3-network-audit.md](W13.3-network-audit.md) | 异常处理缺 `catch(...)` 兜底：仅捕获 `std::exception&`，非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) | OPEN | — | — | — |
+| F-13.1-1 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | 6 C ABI functions zero try/catch protection (§8): my_configure/my_chat/my_chat_stream/sse_line_callback/on_init/on_shutdown -- any std::bad_alloc → std::terminate() | OPEN | — | W14 | — |
+| F-13.1-2 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | response_body leak in my_chat error path (L295-297): ret!=0 returns without freeing response_body | OPEN | — | — | — |
+| F-13.1-3 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | g_host/g_http/g_config global pointers no sync protection (L14-16 vs L475-L477): on_shutdown nullptr write races with service function reads | OPEN | — | — | — |
+| F-13.1-4 | MEDIUM | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | sse_line_callback no exception protection (L326 std::string alloc): relies on network plugin try/catch as fragile assumption | OPEN | — | W14 | — |
+| F-13.2-1 | HIGH | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | OPEN | — | W14 | — |
+| F-13.2-2 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected) | OPEN | — | W14 | — |
+| F-13.2-3 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces prevent match → stream never terminates → caller hang | OPEN | — | — | — |
+| F-13.2-4 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | OPEN | — | — | — |
 
 ---
 
@@ -29,7 +37,10 @@
 
 | ID | Severity | Source | Title | Close Date | Fix Wave | Verified By |
 |----|----------|--------|-------|-------------|----------|-------------|
-| — | — | — | 暂无已关闭发现 | — | — | — |
+| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | 2026-05-27 | W12.4 | security-cao |
+| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界，违反plugin-abi §5.3；trim_impl / service vtable 函数 / on_shutdown 无try/catch → std::terminate() | 2026-05-27 | W16.2 | engineer-sun |
+| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查，OOM时静默失败+泄漏；L138-141/L219-222 循环内4次strdup无nullptr检查 | 2026-05-27 | W16.3 | engineer-chen |
+| — | — | — | 暂无其他已关闭发现 | — | — | — |
 
 ---
 
@@ -38,3 +49,7 @@
 | Date | Change | Author |
 |------|--------|--------|
 | 2026-05-27 | W15.2 初始化，从 W11.1/W11.7 提取 10 条发现 | 王测 (qa-wang) |
+| 2026-05-27 | W16.1: F-11.7-1 状态 CLOSED，W12.4 已彻底修复 build 产物路径不一致，验证通过 | 曹武 (security-cao) |
+| 2026-05-27 | W16.2: F-11.1-1 状态 FIXED，context_set_max_tokens / on_shutdown 添加 try/catch 包装 | 孙宇 (engineer-sun) |
+| 2026-05-27 | W16.3: F-11.1-2 状态 FIXED，strdup OOM 检查在 W12.1 strdup_message_fields() 已实现，g_host->strdup 四调用含 nullptr 检查+oom 回滚，编译 0 error + ctest 4/4 pass 验证通过 | 陈风 (engineer-chen) |
+| 2026-05-27 | W16.6: 从 W13.1/W13.2 审计报告提取 8 条 MEDIUM+ 发现录入 Open 分区；F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 标注 Fix Wave W14（ABI 异常安全已在 W14.5 修复） | 赵码 (engineer-zhao) |

agents/devops-hu/profile.md

@@ -68,5 +68,14 @@ performance_log:
       首轮运行发现 engineer-sun + security-cao 的 profile.md 存在同类 YAML 错误 (各 2 条目 orphan)。
       建议集成到 refresh_status.py 作为前置检查，并加入 WORKFLOW.md §5 CEO 自查清单。
     rating: done
+  - date: 2026-05-27
+    event: "W16.4: 将 check_agents_metadata.py 的 5 项检查集成为 refresh_status.py 前置门禁"
+    detail: >
+      refresh_status.py 新增 import check_agents_metadata 5 个 check 函数 (L28-35)。
+      main() 扫描 profiles 前执行全部 5 项检查 (L401-432): 有 error 时打印详情 exit 1 拒绝生成 STATUS.md,
+      仅有 warning 时打印告警继续执行, 全部通过时打印 OK 继续。
+      测试: 正常场景 0 error 0 warning 生成 STATUS.md; 故意破坏 qa-xu/profile.md 的 --- 分隔符后 exit 1 且
+      STATUS.md 未被覆盖; 修复后恢复正常。
+    rating: done
 current_groups: []
 ---

agents/engineer-chen/profile.md

@@ -58,5 +58,14 @@ performance_log:
       - "服务注册: on_init 内注册正确，但未检查 register_service 返回值 (重复注册返回 -2 被忽略)"
       - "评级: C (无跨 DLL 堆违规但代码重复 + 双 store 架构 + dangling pointer 需修复)"
       - "输出: agents/audits/W11.2-config-audit.md"
+  - date: 2026-05-27
+    event: "W16.3 - 修复 F-11.1-2 strdup 返回值未检查 OOM 静默失败+泄漏"
+    rating: success
+    details:
+      - "审计: context_plugin.cpp 所有 4 处 g_host->strdup 调用已含 nullptr 检查 (W12.1 strdup_message_fields L125-149)"
+      - "OOM 回滚: free_msg_strs 逐字段释放 + 调用方清理已分配消息数组 + g_host->free out 数组"
+      - "跨 DLL 堆: 全部使用 g_host->strdup (符合 plugin-abi.md §3)，无 std::strdup"
+      - "编译: cmake --build build --config Release → 0 error"
+      - "测试: ctest → 4/4 pass (smoke + host-api + event-bus + service-registry)"
 current_groups: []
 ---

agents/engineer-sun/profile.md

@@ -56,5 +56,14 @@ performance_log:
       构建验证: cmake --build Release 0 error; ctest 4/4 pass。
       L420-471 reader_loop, L481-559 start, L561-603 stop 三件套, L605-630 open, L632-655 close,
       L657-683 diagnostics, L685-730 hover, L730-780 completion, L807-821 on_shutdown.
+  - date: 2026-05-27
+    event: "W16.2: 修复 F-11.1-1 — context_plugin.cpp C++ 异常穿越 ABI 边界"
+    rating: completed
+    details: |
+      为 context_set_max_tokens (L319-329) 和 on_shutdown (L370-384) 添加 try/catch 包装。
+      void 函数模式: catch → 仅 log (g_host->log)。trim_impl / context_count_tokens / context_trim
+      / on_init 已在 W12.1 预制异常保护，本次补全剩余 2 个入口。
+      构建验证: cmake --build Release 0 error; ctest 4/4 pass。
+      findings-registry: F-11.1-1 → FIXED, Fix Wave W16.2。
 current_groups: []
 ---

agents/engineer-zhao/profile.md

@@ -43,5 +43,5 @@ current_groups:
     event: "W11.4: 实现管道输入支持(grp-cli-ux B3)，pipe_mode检测_isatty→读取全部stdin→单次chat→退出；空输入返回1提示empty prompt；0 error 0 warning编译通过；4/4测试100% pass"
     rating: A
   - date: 2026-05-27
-    event: "W12.3: 修复3个命令解析bug(BUG-2 /clear空session谎报成功→stderr守卫; BUG-3 /context空session静默→else分支stderr; BUG-4 /file write裸命令→统一token解析入口)，build 0 error 0 warning，4/4 test pass"
+    event: "W16.6: 为 W13.1/W13.2 审计报告补充 Findings Summary 小节（W13.1: 11 条发现含 3H/1M/7L，W13.2: 4 条发现含 1H/3M）；8 条 MEDIUM+ 录入 registry（4 条标注 Fix Wave W14）；4 条已被 W14 修复（ABI try/catch）"
-    rating: completed
+    rating: A

agents/engineer-zhou/profile.md

@@ -50,5 +50,13 @@ performance_log:
       无新增依赖. Windows 上 set_default_verify_paths 可能找不到系统 CA, 已加 TODO
       建议设置 SSL_CERT_FILE 或 bundle cacert.pem.
     rating: completed
+  - date: 2026-05-27
+    event: "W16.5 - W13.3 网络审计报告补充 Findings Summary"
+    detail: |
+      审计报告 W13.3-network-audit.md 末尾新增 Findings Summary 小节，列出 3 个发现：
+      F-13.3-1 (CRITICAL) TLS 证书验证、F-13.3-2 (HIGH) DNS 解析无超时、
+      F-13.3-3 (MEDIUM) 缺 catch(...) 兜底。3 条全部录入 findings-registry.md Open 分区。
+      格式对齐 WORKFLOW.md §14.6 / §14.2 字段定义。
+    rating: completed
 current_groups: []
 ---

agents/security-cao/profile.md

@@ -18,6 +18,14 @@ weaknesses:
   - 对功能开发节奏感知较弱，容易"挡路"
   - 偶尔过度强调低风险问题
 performance_log:
+  - date: 2026-05-27
+    event: "W16.1: 验证 F-11.7-1 (build/bin/ 损坏二进制副本) — W12.4 已彻底修复"
+    rating: done
+    detail: |
+      确认 build/dstalk-cli/dstalk-cli.exe 已删除 (W12.4 devops-hu 修复);
+      build/bin/dstalk-cli.exe 为唯一正确副本 (67584 bytes);
+      cmake --build build --config Release: 0 error; ctest: 4/4 pass。
+      更新 findings-registry.md: F-11.7-1 OPEN→CLOSED, Close Date 2026-05-27, Fix Wave W12.4, Verified By security-cao。
   - date: 2026-05-27
     event: "入职 dstalk 团队"
     rating: ongoing

plugins/context/src/context_plugin.cpp

@@ -315,8 +315,15 @@ static int context_trim(const dstalk_message_t* in, int in_count,
     }
 }
 
+// W16.2: 包裹 try/catch 防止异常穿越 C ABI 边界 (§8.3 void 仅 log)
 static void context_set_max_tokens(size_t max) {
+    try {
         g_max_tokens = max;
+    } catch (const std::exception& e) {
+        if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] context_set_max_tokens: %s", e.what());
+    } catch (...) {
+        if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] context_set_max_tokens: unknown exception");
+    }
 }
 
 static dstalk_context_service_t g_context_service = {
@@ -352,9 +359,20 @@ static int on_init(const dstalk_host_api_t* host) {
     }
 }
 
+// W16.2: 包裹 try/catch 防止异常穿越 C ABI 边界 — void 函数仅 log
 static void on_shutdown() {
+    try {
         g_session = nullptr;
         g_host = nullptr;
+    } catch (const std::exception& e) {
+        if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] on_shutdown: %s", e.what());
+        g_session = nullptr;
+        g_host = nullptr;
+    } catch (...) {
+        if (g_host) g_host->log(DSTALK_LOG_ERROR, "[plugin-context] on_shutdown: unknown exception");
+        g_session = nullptr;
+        g_host = nullptr;
+    }
 }
 
 static dstalk_plugin_info_t g_info = {

scripts/refresh_status.py

@@ -25,6 +25,15 @@ for _stream in (sys.stdout, sys.stderr):
     except Exception:
         pass
 
+# Metadata integrity checks (W16.4: import from check_agents_metadata as pre-gate)
+from check_agents_metadata import (
+    check_yaml_parse,
+    check_rating_range,
+    check_group_refs,
+    check_member_refs,
+    check_duplicate_ids,
+)
+
 
 # =============================================================================
 # Path resolution
@@ -389,6 +398,39 @@ def main():
         print(f'ERROR: agents/ directory not found at {agents_dir}', file=sys.stderr)
         sys.exit(1)
 
+    # ---- Metadata integrity pre-check (W16.4) ----
+    check_suites = [
+        ('C1', 'YAML parse',       check_yaml_parse),
+        ('C2', 'rating range',     check_rating_range),
+        ('C3', 'group refs',       check_group_refs),
+        ('C4', 'member refs',      check_member_refs),
+        ('C5', 'duplicate IDs',    check_duplicate_ids),
+    ]
+
+    all_findings = []
+    for code, label, fn in check_suites:
+        findings = fn(agents_dir)
+        all_findings.extend((code, label, f) for f in findings)
+
+    errors = [f for f in all_findings if f[2][0] == 'error']
+    warnings = [f for f in all_findings if f[2][0] == 'warn']
+
+    if errors:
+        for code, label, (sev, filepath, msg) in errors:
+            print(f'[{code}] ERROR: {filepath}: {msg}', file=sys.stderr)
+        for code, label, (sev, filepath, msg) in warnings:
+            print(f'[{code}] WARN: {filepath}: {msg}', file=sys.stderr)
+        print(f'\nMetadata check FAILED: {len(errors)} errors, {len(warnings)} warnings. '
+              f'Fix errors before generating STATUS.md.', file=sys.stderr)
+        sys.exit(1)
+    elif warnings:
+        for code, label, (sev, filepath, msg) in warnings:
+            print(f'[{code}] WARN: {filepath}: {msg}', file=sys.stderr)
+        print(f'Metadata check: {len(warnings)} warning(s) found. '
+              f'Proceeding with STATUS.md generation.', file=sys.stderr)
+    else:
+        print('OK: All 5 metadata checks passed.', file=sys.stderr)
+
     # ---- Scan profiles ----
     profiles = []
     for child in sorted(agents_dir.iterdir()):