Claude config, some bug fixes (#813)

* Claude config updates
* Bug fixes and hardening across `zencore` and `zenhttp`, identified via static analysis.

### zencore

- **`ZEN_ASSERT` macro** -- extended to accept an optional string message literal; added `ZEN_ASSERT_MSG_` helper for message formatting. Callers needing runtime fmt-style formatting should use `ZEN_ASSERT_FORMAT`.
- **`MpscQueue`** -- fixed `TypeCompatibleStorage` to use a properly-sized `char Storage[sizeof(T)]` array instead of a single `char`; corrected `Data()` to cast `&Storage` rather than `this`; switched cache-line alignment to a fixed constant to avoid GCC's `-Winterference-size` warning. Enabled previously-disabled tests.
- **`StringBuilderImpl`** -- initialized `m_Base`/`m_CurPos`/`m_End` to `nullptr`. Fixed `StringCompare` return type (`bool` -> `int`). Fixed `ParseInt` to reject strings with trailing non-numeric characters. Removed deprecated `<codecvt>` include.
- **`NiceNumGeneral`** -- replaced `powl()` with integer `IntPow()` to avoid floating-point precision issues.
- **`RwLock::ExclusiveLockScope`** -- added move constructor/assignment; initialized `m_Lock` to `nullptr`.
- **`Latch::AddCount`** -- fixed variable type (`std::atomic_ptrdiff_t` -> `std::ptrdiff_t` for the return value of `fetch_add`).
- **`thread.cpp`** -- fixed Linux `pthread_setname_np` 16-byte name truncation; added null check before dereferencing in `Event::Close()`; fixed `NamedEvent::Close()` to call `close(Fd)` outside the lock region; added null guard in `NamedMutex` destructor; `Sleep()` now returns early for non-positive durations.
- **`MD5Stream`** -- was entirely stubbed out (no-op); now correctly calls `MD5Init`/`MD5Update`/`MD5Final`. Fixed `ToHexString` to use the correct string length. Fixed forward declarations. Fixed tests to compare `compare() == 0`.
- **`sentryintegration.cpp`** -- guard against null `filename`/`funcname` in spdlog message handler to prevent a crash in `fmt::format`.
- **`jobqueue.cpp`** -- fixed lost job ID when `IdGenerator` wraps around zero; fixed raw `Job*` in `RunningJobs` map (potential use-after-free) to `RefPtr<Job>`; fixed range-loop copies; fixed format string typo.
- **`trace.cpp`** -- suppress GCC false-positive warnings in third-party `trace.h` include.

### zenhttp

- **WebSocket close race** (`wsasio`, `wshttpsys`, `httpwsclient`) -- `m_CloseSent` promoted from `bool` to `std::atomic<bool>`; close check changed to `exchange(true)` to eliminate the check-then-set data race.
- **`wsframecodec.cpp`** -- reject WebSocket frames with payload > 256 MB to prevent OOM from malformed/malicious frames.
- **`oidc.cpp`** -- URL-encode refresh token and client ID in token requests (`FormUrlEncode`); parse `end_session_endpoint` and `device_authorization_endpoint` from OIDC discovery document.
- **`httpclientcommon.cpp`** -- propagate error code from `AppendData` when flushing the cache buffer.
- **`httpclient.h`** -- initialize all uninitialized members (`ErrorCode`, `UploadedBytes`, `DownloadedBytes`, `ElapsedSeconds`, `MultipartBoundary` fields).
- **`httpserver.h`** -- fix `operator=` return type for `HttpRpcHandler` (missing `&`).
- **`packageformat.h`** -- fix `~0u` (32-bit truncation) to `~uint64_t(0)` for a `uint64_t` field.
- **`httpparser`** -- initialize `m_RequestVerb` in both declaration and `ResetState()`.
- **`httpplugin.cpp`** -- initialize `m_BasePort`; fix format string missing quotes around connection name.
- **`httptracer.h`** -- move `#pragma once` before includes.
- **`websocket.h`** -- initialize `WebSocketMessage::Opcode`.

### zenserver

- **`hubservice.cpp`** -- fix two `ZEN_ASSERT` calls that incorrectly used fmt-style format args; converted to `ZEN_ASSERT_FORMAT`.

1 files changed, 14 insertions, 10 deletions

diff --git a/src/zencore/md5.cpp b/src/zencore/md5.cpp
index 83ed53fc8..f8cfee3ac 100644
--- a/src/zencore/md5.cpp
+++ b/src/zencore/md5.cpp
@@ -56,9 +56,9 @@ struct MD5_CTX
 	unsigned char digest[16]; /* actual digest after MD5Final call */
 };
 
-void MD5Init();
-void MD5Update();
-void MD5Final();
+void MD5Init(MD5_CTX* mdContext);
+void MD5Update(MD5_CTX* mdContext, unsigned char* inBuf, unsigned int inLen);
+void MD5Final(MD5_CTX* mdContext);
 
 /*
  **********************************************************************
@@ -370,28 +370,32 @@ MD5 MD5::Zero;	// Initialized to all zeroes
 
 MD5Stream::MD5Stream()
 {
+	static_assert(sizeof(MD5_CTX) <= sizeof(m_Context));
 	Reset();
 }
 
 void
 MD5Stream::Reset()
 {
+	MD5Init(reinterpret_cast<MD5_CTX*>(m_Context));
 }
 
 MD5Stream&
 MD5Stream::Append(const void* Data, size_t ByteCount)
 {
-	ZEN_UNUSED(Data);
-	ZEN_UNUSED(ByteCount);
-
+	MD5Update(reinterpret_cast<MD5_CTX*>(m_Context), (unsigned char*)Data, (unsigned int)ByteCount);
 	return *this;
 }
 
 MD5
 MD5Stream::GetHash()
 {
-	MD5 md5{};
+	MD5_CTX FinalCtx;
+	memcpy(&FinalCtx, m_Context, sizeof(MD5_CTX));
+	MD5Final(&FinalCtx);
 
+	MD5 md5{};
+	memcpy(md5.Hash, FinalCtx.digest, 16);
 	return md5;
 }
 
@@ -428,7 +432,7 @@ MD5::ToHexString(StringBuilderBase& outBuilder) const
 	char str[41];
 	ToHexString(str);
 
-	outBuilder.AppendRange(str, &str[40]);
+	outBuilder.AppendRange(str, &str[StringLength]);
 
 	return outBuilder;
 }
@@ -470,11 +474,11 @@ TEST_CASE("MD5")
 	MD5::String_t Buffer;
 	Result.ToHexString(Buffer);
 
-	CHECK(Output.compare(Buffer));
+	CHECK(Output.compare(Buffer) == 0);
 
 	MD5 Reresult = MD5::FromHexString(Buffer);
 	Reresult.ToHexString(Buffer);
-	CHECK(Output.compare(Buffer));
+	CHECK(Output.compare(Buffer) == 0);
 }
 
 TEST_SUITE_END();