Severity: Critical
AgentRegistry.register() stores name without duping it. In HTTP and MCP flows, this can point into short-lived request buffers that get freed/reused, causing use-after-free.
Fix: Dupe name in register(), free in deinit().
Files: src/agent.zig:57-66, src/server.zig:53, src/mcp.zig:77
Severity: Critical
AgentRegistry.register()storesnamewithout duping it. In HTTP and MCP flows, this can point into short-lived request buffers that get freed/reused, causing use-after-free.Fix: Dupe
nameinregister(), free indeinit().Files:
src/agent.zig:57-66,src/server.zig:53,src/mcp.zig:77