W18: context cleanup + CLI fixes + loader audit + CI matrix (W18.1-W18.4)

- W18.1 (王测+林深): Remove g_max_tokens dead API, UTF-8 bounds protection, deduplicate token counting, 0xC0/0xC1 handling, add 13 test blocks (36 checks)
- W18.2 (赵码+朱晴): Fix /context no-session error message, /status 3-state connection display
- W18.3 (曹武+徐磊): plugin_loader security audit — 9 dimensions, rating C, 1 HIGH + 2 MEDIUM findings
- W18.4 (马奔+胡桐): CI dual-platform matrix (Ubuntu clang-18 + Windows clang-cl), ccache, build timing baseline

Build 0 error, ctest 5/5 pass, metadata check clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

agents/qa-xu/profile.md

@@ -18,6 +18,16 @@ weaknesses:
   - 单元测试有时过于针对实现
   - 不太关注测试可读性
 performance_log:
+  - date: 2026-05-27
+    event: "W18.3: plugin_loader 安全审计 (合作 security-cao) — 9 维度审计, 1 HIGH + 4 MEDIUM + 3 LOW 发现"
+    rating: done
+    detail: |
+      联合审计 dstalk-core/src/plugin_loader.cpp + plugin_loader.hpp (385行)。
+      破坏性关注点: on_init/on_shutdown 五处 C ABI 调用无 try/catch → 单个插件 OOM 即可 std::terminate() 拖垮 host;
+      load_plugin 全路径静默失败, GetLastError/dlerror 不调用;
+      dstalk_plugin_load 公开 API 路径直传 LoadLibrary/dlopen 零验证, 相对路径触发 DLL 搜索劫持。
+      报告: agents/audits/W18.3-plugin-loader-audit.md。
+      findings-registry: F-18.3-1~5 录入 Open 分区。
   - date: 2026-05-27
     event: "入职 dstalk 团队"
     rating: ongoing