W18: context cleanup + CLI fixes + loader audit + CI matrix (W18.1-W18.4)

- W18.1 (王测+林深): Remove g_max_tokens dead API, UTF-8 bounds protection, deduplicate token counting, 0xC0/0xC1 handling, add 13 test blocks (36 checks)
- W18.2 (赵码+朱晴): Fix /context no-session error message, /status 3-state connection display
- W18.3 (曹武+徐磊): plugin_loader security audit — 9 dimensions, rating C, 1 HIGH + 2 MEDIUM findings
- W18.4 (马奔+胡桐): CI dual-platform matrix (Ubuntu clang-18 + Windows clang-cl), ccache, build timing baseline

Build 0 error, ctest 5/5 pass, metadata check clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

agents/security-cao/profile.md

@@ -18,6 +18,18 @@ weaknesses:
   - 对功能开发节奏感知较弱，容易"挡路"
   - 偶尔过度强调低风险问题
 performance_log:
+  - date: 2026-05-27
+    event: "W18.3: plugin_loader 安全审计 (合作 qa-xu) — 9 维度审计, 1 HIGH + 4 MEDIUM + 3 LOW 发现"
+    rating: done
+    detail: |
+      审计 dstalk-core/src/plugin_loader.cpp + plugin_loader.hpp (385行), 9 维度全覆盖。
+      TOP3: (1) [HIGH] 5 处 C ABI on_init/on_shutdown/init_fn 调用 zero try/catch → std::terminate();
+      (2) [MEDIUM] load_plugin 5 失败路径全静默返回 -1 无日志;
+      (3) [MEDIUM] dstalk_plugin_load 公开 API 路径零验证 + DLL 无来源完整性检查。
+      额外: fprintf(stderr) 绕过 host->log、PluginLoader 零同步、符号解析无诊断、终端转义注入风险。
+      评级: 综合 C (ABI 安全 F, 路径安全 D, 错误处理 D, 堆纪律 A)。
+      报告: agents/audits/W18.3-plugin-loader-audit.md。
+      findings-registry: F-18.3-1~5 (1 HIGH + 4 MEDIUM) 录入 Open 分区。
   - date: 2026-05-27
     event: "W17.1: 验证 F-13.3-1/2/3 (network_plugin TLS/DNS/exception) — W14.1 已全部修复，关闭 3 条发现"
     rating: done