feat: enhance security measures for MCP server interactions

- Restricted CORS to localhost origins to prevent remote code execution (RCE) attacks.
- Updated MCP server configuration handling to enforce security warnings when adding or importing servers.
- Introduced a SecurityWarningDialog to inform users about potential risks associated with server commands and configurations.
- Ensured that only serverId is accepted for testing server connections, preventing arbitrary command execution.

These changes improve the overall security posture of the MCP server management and usage.

apps/server/src/providers/claude-provider.ts

@@ -40,7 +40,8 @@ export class ClaudeProvider extends BaseProvider {
     // This logic mirrors buildMcpOptions() in sdk-options.ts but is applied here since
     // the provider is the final point where SDK options are constructed.
     const hasMcpServers = options.mcpServers && Object.keys(options.mcpServers).length > 0;
-    // Default to true - deliberate design choice for ease of use. Users can disable in settings.
+    // Default to true for autonomous workflow. Security is enforced when adding servers
+    // via the security warning dialog that explains the risks.
     const mcpAutoApprove = options.mcpAutoApproveTools ?? true;
     const mcpUnrestricted = options.mcpUnrestrictedTools ?? true;
     const defaultTools = ['Read', 'Write', 'Edit', 'Glob', 'Grep', 'Bash', 'WebSearch', 'WebFetch'];