fix(config): skip merging fallback servers when managed servers exist

[lydakis]

Motivation

• Prevent untrusted fallback files (e.g. project-scoped .mcp.json) from injecting server names that can shadow internal CLI commands and cause unintended tool execution when the user already has managed servers configured.
• Restore the original safety boundary where fallback discovery is only used for zero-config onboarding and does not override or extend an explicit managed config.

Description

• Added an early return in MergeFallbackServersForCWD to skip loading/merging fallback sources when cfg.Servers is non-empty (internal/config/fallback.go).
• Updated the merge test to assert that when managed servers are present no discovered fallback servers are added (TestMergeFallbackServersKeepsManagedOnlyWhenConfigured in internal/config/fallback_test.go).
• Preserved existing behavior for empty configs and explicit FallbackSources overrides so existing onboarding and configured-source semantics remain unchanged.

Testing

• Ran go test ./internal/config -run MergeFallback -count=1, which passed.
• Ran go vet ./... and go build ./..., both of which passed.
• Ran go test ./... which fails in this environment due to pre-existing internal/config Codex-related tests (TestLoadCodexConfigFileAddsCodexAppsServerFromAuthFile and TestLoadCodexConfigFileCodexAppsUsesConnectorsTokenEnv) that are unrelated to the fallback merge change.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 241f6d36f0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Honor explicit fallback_sources when managed servers exist

When a config defines both at least one managed servers.* entry and an explicit fallback_sources list, this early return prevents MergeFallbackServersForCWD from reading those user-specified sources at all. That regresses partial-adoption setups such as “keep github in mcpx config, but import everything else from /tmp/legacy.json”: the old collision logic already ensured managed entries won per-name, so skipping the entire merge drops unrelated discovered servers unnecessarily.

Useful? React with 👍 / 👎.