mbproxy: remediate the 2026-05-16 code-review findings

Fixes every finding from the codereviews/2026-05-16 multi-agent review
(2 Critical, 20 Major, 38 Minor) and adds that review to the repo.

Highlights: dashboard XSS escape; response cache invalidated on the
write request (not just the response); ReloadValidator now runs at
startup so port collisions / duplicate names / malformed Resilience
profiles fail fast; AdminPort 0 genuinely disables the admin endpoint;
PlcListener accept-loop faults propagate to the supervisor's faulted
path; reconciler Restart builds before removing; Resilience pipelines
are restart-only from a frozen snapshot; multiplexer connect-race leak,
watchdog party-list snapshot, backend-response and FC16 framing
validation; frontend reconnect retry and util.js load guard; plus the
log-event/doc drift sweep and test-port hygiene.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

mbproxy/src/Mbproxy/Proxy/Multiplexing/UpstreamPipe.cs

@@ -130,14 +130,16 @@ internal sealed partial class UpstreamPipe : IAsyncDisposable
                     out _, out _, out ushort length, out _))
                     return;
 
-                if (length < 1)
+                if (length < 2)
                 {
-                    // Length field claims no body — forward the header alone via a fresh buffer.
-                    byte[] degenerate = new byte[MbapFrame.HeaderSize];
-                    Buffer.BlockCopy(headerBuf, 0, degenerate, 0, MbapFrame.HeaderSize);
-                    await onFrame(degenerate, token).ConfigureAwait(false);
-                    Interlocked.Increment(ref _pdusForwardedCount);
-                    continue;
+                    // A valid MBAP Length covers at least UnitId(1) + FC(1) = 2 bytes. A
+                    // frame claiming less is malformed Modbus — there is no FC to route on
+                    // and no PDU to forward. Close the upstream rather than allocate a
+                    // proxy TxId and push a 7-byte garbage frame at the backend (review N1).
+                    _logger.LogWarning(
+                        "Malformed upstream frame: Plc={Plc} MbapLength={Length} < 2 — closing pipe",
+                        _plcName, length);
+                    return;
                 }
 
                 int pduBodyLen = length - 1;