
Conversation

@arunanshub
Contributor

No description provided.

@arunanshub arunanshub requested review from a team and abhisek September 2, 2025 07:13
@github-actions

github-actions bot commented Sep 2, 2025

vet Summary Report

This report is generated by vet

Policy Checks

  • ✅ Vulnerability
  • ✅ Malware
  • ✅ License
  • ✅ Popularity
  • ✅ Maintenance
  • ✅ Security Posture
  • ✅ Threats

Malicious Package Analysis

Malicious package analysis was performed using SafeDep Cloud API

Malicious Package Analysis Report
Ecosystem Package Version Status Report
  • ℹ️ 0 packages have been actively analyzed for malicious behaviour.
  • ✅ No malicious packages found.

@codecov

codecov bot commented Sep 2, 2025

Codecov Report

❌ Patch coverage is 59.09091% with 36 lines in your changes missing coverage. Please review.
✅ Project coverage is 8.31%. Comparing base (e4e9dc2) to head (d76d48e).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
cmd/server/mcp.go 0.00% 29 Missing ⚠️
mcp/server/sse.go 53.33% 7 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff            @@
##            main    #587      +/-   ##
========================================
+ Coverage   8.22%   8.31%   +0.08%     
========================================
  Files        285     286       +1     
  Lines      47558   47641      +83     
========================================
+ Hits        3914    3963      +49     
- Misses     43371   43405      +34     
  Partials     273     273              



Co-authored-by: Copilot <[email protected]>
Signed-off-by: Arunanshu Biswas <[email protected]>


@abhisek abhisek requested a review from Copilot September 3, 2025 03:33

Contributor

Copilot AI left a comment


Pull Request Overview

This PR hardens SSE (Server-Sent Events) security by implementing host and origin validation guards to prevent unauthorized cross-origin access and DNS rebinding attacks.

  • Adds configurable host and origin guards as middleware to validate incoming requests
  • Updates CORS header behavior to only set them when an Origin header is present
  • Adds comprehensive test coverage for the new security guards and integration scenarios

Reviewed Changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.

File Description
mcp/server/guard.go Implements host and origin validation middleware
mcp/server/guard_test.go Comprehensive tests for the new security guards
mcp/server/sse.go Integrates security guards and updates CORS header logic
mcp/server/sse_test.go Updates SSE handler tests for new origin-based CORS behavior
mcp/server/sse_integration_test.go Adds integration tests for security guard validation
mcp/server/server.go Adds configuration fields for allowed hosts and origins
cmd/server/mcp.go Adds CLI flags for configuring allowed hosts and origins
docs/mcp.md Documents the new security features and configuration options
go.mod Removes unused dependency

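The review above describes host and origin guards for the SSE endpoint: rejecting requests whose Host header is not on an allowlist (the DNS rebinding defence, since a rebound hostname still arrives in the Host header), rejecting browser requests whose Origin is not allowed, and only emitting CORS headers when an Origin header is present. The following is an added illustration of that pattern in Go, written for this page; it is not the project's mcp/server/guard.go, and the names Guard, NewGuard, Probe, the fail-closed behaviour for an empty allowlist and the port-stripping comparison are all this example's assumptions, not the PR's design.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Guard holds the allowlists consulted by the middleware.
// Example design choice (not the project's): an empty list denies everything.
type Guard struct {
	allowedHosts   map[string]struct{}
	allowedOrigins map[string]struct{}
}

// NewGuard builds a Guard from host names (port ignored) and full origins
// such as "http://localhost:3000".
func NewGuard(hosts, origins []string) *Guard {
	g := &Guard{
		allowedHosts:   map[string]struct{}{},
		allowedOrigins: map[string]struct{}{},
	}
	for _, h := range hosts {
		g.allowedHosts[normalizeHost(h)] = struct{}{}
	}
	for _, o := range origins {
		g.allowedOrigins[strings.ToLower(strings.TrimRight(o, "/"))] = struct{}{}
	}
	return g
}

// normalizeHost lowercases and strips any port, so "localhost:8080" and
// "[::1]:8080" compare as "localhost" and "::1".
func normalizeHost(h string) string {
	h = strings.ToLower(strings.TrimSpace(h))
	if host, _, err := net.SplitHostPort(h); err == nil {
		return host
	}
	return strings.Trim(h, "[]")
}

// HostAllowed is the DNS rebinding check: a rebound name still shows up here.
func (g *Guard) HostAllowed(host string) bool {
	_, ok := g.allowedHosts[normalizeHost(host)]
	return ok
}

// OriginAllowed compares the browser-supplied Origin against the allowlist.
func (g *Guard) OriginAllowed(origin string) bool {
	_, ok := g.allowedOrigins[strings.ToLower(strings.TrimRight(origin, "/"))]
	return ok
}

// Middleware wraps a handler with both checks. CORS headers are only set when
// an Origin header is present, and only for an allowed origin.
func (g *Guard) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !g.HostAllowed(r.Host) {
			http.Error(w, "forbidden: Host header not allowed", http.StatusForbidden)
			return
		}
		if origin := r.Header.Get("Origin"); origin != "" {
			if !g.OriginAllowed(origin) {
				http.Error(w, "forbidden: Origin not allowed", http.StatusForbidden)
				return
			}
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Vary", "Origin")
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed request (given Host and optional Origin) through
// the guarded handler and returns the status and the ACAO header that came back.
func Probe(g *Guard, host, origin string) (int, string) {
	sse := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/event-stream")
		fmt.Fprint(w, "event: ready\ndata: {}\n\n")
	})
	req := httptest.NewRequest(http.MethodGet, "/sse", nil)
	req.Host = host
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	g.Middleware(sse).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	g := NewGuard([]string{"localhost", "127.0.0.1"}, []string{"http://localhost:3000"})
	for _, c := range [][2]string{
		{"localhost:8080", ""},                      // plain local client
		{"attacker.example", ""},                    // rebound DNS name
		{"localhost", "http://localhost:3000"},      // allowed browser origin
		{"localhost", "http://evil.example"},        // cross-site page
	} {
		code, acao := Probe(g, c[0], c[1])
		fmt.Printf("host=%-18s origin=%-24q -> %d ACAO=%q\n", c[0], c[1], code, acao)
	}
}
```

Note that the Host check alone does not stop a malicious page already running on an allowed origin; the Origin check covers the browser case, and neither replaces authentication on the endpoint.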

@abhisek abhisek merged commit 0ae3560 into main Sep 4, 2025
11 checks passed
@abhisek abhisek deleted the fix/mcp-sse-hardening branch September 4, 2025 01:08

3 participants