[Audit 2026-04-14] APISIX watcher concurrency and gateway claim defects

## Summary
APISIX watcher and gateway claim handling contain confirmed runtime defects.

## Findings
- [ ] `High | confirmed` `WaitGroup.Add(1)` occurs after goroutine start and may trigger `negative WaitGroup counter` panic.
  - Evidence: `pkg/apisix/watch_sync.go:180`, `pkg/apisix/watch_sync.go:199`, `pkg/apisix/watch_sync.go:205`, `pkg/apisix/watch_sync.go:224`
- [ ] `High | confirmed` watcher loop uses `select { default: }` busy-spin and can consume excessive CPU.
  - Evidence: `pkg/apisix/watch_sync.go:66`, `pkg/apisix/watch_sync.go:73`
- [ ] `High | confirmed` gateway auth plugin duplicates subject condition and skips `Uid` fallback branch.
  - Evidence: `gateway/apisix/cmd/go-runner/plugins/kit_authn.go:231`
- [ ] `High | confirmed` aggregate delete callback is registered on update hook, causing delete event publication gap.
  - Evidence: `pkg/gorm/agg.go:80`

## Suggested Direction
- Move `Add` before goroutine launch or rely solely on errgroup.
- Remove busy default branch and block on channel/ticker.
- Fix claim branch condition for uid.
- Register delete callback in delete hook chain.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Audit 2026-04-14] APISIX watcher concurrency and gateway claim defects #51

Summary

Findings

Suggested Direction

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[Audit 2026-04-14] APISIX watcher concurrency and gateway claim defects #51

Description

Summary

Findings

Suggested Direction

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions