W17: close 9 audit findings — atomic pointers, SSE robustness, leak fix, verification (W17.1-W17.4)

- W17.1 (曹武): Verify F-13.3-1/2/3 all fixed by W14.1, close 3 findings (1 CRITICAL + 1 HIGH + 1 MEDIUM)
- W17.2 (赵码): Fix F-13.2-3 SSE [DONE] sentinel trimming + F-13.2-4 g_host/g_http/g_config atomic pointers in deepseek_plugin
- W17.3 (王测): Verify 4 W14 findings (F-13.1-1/4, F-13.2-1/2) + F-11.7-2 confirmed fixed, close 5 findings
- W17.4 (马奔): Fix F-13.1-2 response_body leak on error path + F-13.1-3 g_host/g_http atomic pointers in anthropic_plugin

Build 0 error, ctest 4/4 pass, metadata check clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

agents/security-cao/profile.md

@@ -18,6 +18,14 @@ weaknesses:
   - 对功能开发节奏感知较弱，容易"挡路"
   - 偶尔过度强调低风险问题
 performance_log:
+  - date: 2026-05-27
+    event: "W17.1: 验证 F-13.3-1/2/3 (network_plugin TLS/DNS/exception) — W14.1 已全部修复，关闭 3 条发现"
+    rating: done
+    detail: |
+      检查 network_plugin.cpp 现状：F-13.3-1 (TLS) 已有 set_verify_mode(verify_peer) + SSL_set1_host；
+      F-13.3-2 (DNS) 已有 steady_timer 10s 超时 + resolver.cancel()；
+      F-13.3-3 (catch) 已有 catch(...) 兜底。均为 W14.1 周岩修复。
+      编译 0 error，ctest 4/4 pass。findings-registry 更新：3 条 OPEN→CLOSED, Fix Wave W14.1, Verified By security-cao。
   - date: 2026-05-27
     event: "W16.1: 验证 F-11.7-1 (build/bin/ 损坏二进制副本) — W12.4 已彻底修复"
     rating: done