Disable automatic CWD project fallback config discovery

[lydakis]

Motivation

• The daemon previously performed CWD-aware upward discovery of project-local fallback files (e.g. nearest parent .mcp.json and .kiro/settings/mcp.json), which allowed untrusted repositories to inject MCP server definitions and enlarged the RCE/SSRF attack surface.
• The change aims to eliminate silent import of attacker-controlled project configs while preserving explicit user/home-level fallback sources.

Description

• Removed automatic upward project-local discovery from the default fallback source list by eliminating calls to nearestUpwardPath(...) in defaultFallbackSourcePathsForCWD and removing the now-unused nearestUpwardPath behavior in internal/config/fallback.go.
• Kept user/home-level fallback sources such as ~/.cursor/mcp.json, ~/.claude.json, and ~/.codex/config.toml intact to preserve expected default behavior.
• Updated tests in internal/config/fallback_test.go to reflect that project-local configs are no longer auto-discovered and removed the TestNearestUpwardPathFindsNearestParent unit test that validated upward discovery.
• Made two Codex-related tests deterministic by explicitly clearing CODEX_HOME within the test (t.Setenv("CODEX_HOME", "")) so auth file resolution is not environment-dependent.

Testing

• Ran go test ./... and all packages passed after test updates (internal/config and the rest of the repo succeeded).
• Ran go vet ./... and go build ./... and both completed without errors.
• Existing and modified unit tests in internal/config were executed and validate the new behavior (no project-local upward discovery by default).

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6d08081f4b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore an opt-in path for project-local fallback configs

Ignoring cwd here removes the only code path that ever added the nearest-parent .mcp.json / .kiro/settings/mcp.json files to the default fallback set. That means any trusted repo that relied on project-local MCP config for zero-config onboarding now regresses to mcpx listing no servers (or unknown server) unless the user manually copies those entries into a global config. fallback_sources is not an equivalent workaround because it is a static path list from config.toml, not “the nearest file under the request CWD”, so this change removes the feature entirely instead of making it explicit/opt-in.

Useful? React with 👍 / 👎.