feat: enhance security measures for MCP server interactions

- Restricted CORS to localhost origins to prevent remote code execution (RCE) attacks.
- Updated MCP server configuration handling to enforce security warnings when adding or importing servers.
- Introduced a SecurityWarningDialog to inform users about potential risks associated with server commands and configurations.
- Ensured that only serverId is accepted for testing server connections, preventing arbitrary command execution.

These changes improve the overall security posture of the MCP server management and usage.

apps/server/src/lib/sdk-options.ts

@@ -158,8 +158,8 @@ interface McpPermissionOptions {
  */
 function buildMcpOptions(config: CreateSdkOptionsConfig): McpPermissionOptions {
   const hasMcpServers = config.mcpServers && Object.keys(config.mcpServers).length > 0;
-  // Default to true - this is a deliberate design choice for ease of use with MCP servers.
-  // Users can disable these in settings for stricter security.
+  // Default to true for autonomous workflow. Security is enforced when adding servers
+  // via the security warning dialog that explains the risks.
   const mcpAutoApprove = config.mcpAutoApproveTools ?? true;
   const mcpUnrestricted = config.mcpUnrestrictedTools ?? true;
 

apps/server/src/lib/settings-helpers.ts

@@ -193,7 +193,8 @@ export async function getMCPPermissionSettings(
   settingsService?: SettingsService | null,
   logPrefix = '[SettingsHelper]'
 ): Promise<{ mcpAutoApproveTools: boolean; mcpUnrestrictedTools: boolean }> {
-  // Default values (both enabled for backwards compatibility)
+  // Default to true for autonomous workflow. Security is enforced when adding servers
+  // via the security warning dialog that explains the risks.
   const defaults = { mcpAutoApproveTools: true, mcpUnrestrictedTools: true };
 
   if (!settingsService) {