fix(server): Sandbox escape via arbitrary host path mounts in the default configuration

[Pangjiping]

Summary

• require explicit startup confirmation when api_key is unset
• Breaking change: empty or unset [storage].allowed_host_paths now denies all host mounts by default (instead of allowing all), and users who need legacy behavior must explicitly set allowed_host_paths = ["/"] as a temporary compatibility.
• closes SECURITY: Sandbox escape via arbitrary host path mounts in the default configuration. #750

Testing

• Not run (explain why)
• Unit tests
• Integration tests
• e2e / manual verification

Breaking Changes

• None
• Yes (allowed_host_paths = [] means allow all -> deny all)

Checklist

• Linked Issue or clearly described motivation
• Added/updated docs (if needed)
• Added/updated tests (if needed)
• Security impact considered
• Backward compatibility considered

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 807eb84ceb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".