Wave 10: deep audits of 5 unaudited plugins, smoke regression set (W13.1-W13.6)
- W13.1 anthropic_plugin (architect-yang, 497 lines): rated C. 6 C ABI
functions lack try/catch (§8 violation); my_chat leaks response_body on
error path; tool_use response silently dropped.
- W13.2 deepseek_plugin (engineer-sun, 486 lines): rated C+. 7 ABI entries
unprotected including json::parse paths (malformed JSON terminates);
SSE [DONE] sentinel match brittle; ~55% code overlap with anthropic
suggests an ai_plugin_base extraction.
- W13.3 network_plugin (qa-wang, 322 lines): rated C. CRITICAL: TLS
certificate verification fully disabled (set_verify_mode never called,
default verify_none accepts any cert) — all AI traffic incl. api_key
is MITM-vulnerable. DNS resolve has no timeout; catch lacks (...).
- W13.4 lsp_plugin (architect-huang, 749 lines): rated C. CRITICAL:
guaranteed deadlock at L519-526 → L547 (g_lsp_impl_start holds mutex
then calls g_lsp_impl_stop which re-locks the same non-recursive
mutex); 7 vtable funcs unprotected; server→client requests dropped.
- W13.5 session+tools (security-cao, 264+251 lines): rated D+/D. Path
traversal in builtin_file_read/write (zero validation); global
static state in both plugins lacks mutex (UAF risk); 9 vtable funcs
lack try/catch.
- W13.6 smoke regression (qa-xu, +193 lines): 4 new cases — context
max_tokens trim, config dual-store consistency (exposes that W12.2
merge is incomplete: dstalk_config_set→config_service.get returns
null), HTTP error path no-crash, repeated init/shutdown cycle.
Verified: cmake build 0 error 0 warning, ctest 4/4 pass.
Top W14 priorities surfaced: TLS verification (W13.3), LSP deadlock
(W13.4), file-tool path traversal (W13.5), config dual-store still
broken (W13.6 R2), shared try/catch wrapper across all AI plugins.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
XiuChengWu
47082376ef