Fix MCP +Add path bypassing secret redaction check

[SagarSDagdu]

Description

The "+ Add" (new MCP server) save path in app/src/settings_view/mcp_servers/edit_page.rs was calling ParsedTemplatableMCPServerResult::from_user_json directly and skipping the detect_secrets_in_templatable_mcp_server check that the edit-existing path runs via parse_templatable_json.

Net effect today: secrets pasted into a freshly added MCP server config are not blocked locally — the cloud-side sync_queue reject is the only guard, and the user sees a generic Failed to create mcp server toast instead of the actionable This MCP server contains secrets. Visit Settings > Privacy ... toast.

This PR reuses the existing per-server helper after parsing so both save paths get the same local guard.

Linked Issue

Fixes #11265.

• The linked issue is labeled ready-to-implement.

Screenshots / Videos

Video showing error toast after the fix:

Screen.Recording.2026-05-19.at.9.21.42.PM.mov

Testing

Manual repro per #11265:

1. Settings → Privacy → confirm Secret redaction is ON and the default recommended regexes are loaded (click "Add all recommended" if the list is empty — see SECRETS_REGEX silently empty at startup despite persisted custom_secret_regex_list — local MCP-save redaction check never fires #11262)
2. Settings → MCP Servers → + Add
3. Paste:

   {
     "demo-new-server-bypass": {
       "command": "/usr/bin/true",
       "args": ["--api-key=sk-FAKE0000000000FAKEdemoWARP8761"]
     }
   }

4. Click Save → expect the actionable redaction toast, save blocked.

No automated test added; the secret-detection helper is already exercised via the edit-existing path and the change is a 12-line reuse of that helper. Happy to add an integration test on request.

Agent Mode

• Warp Agent Mode - This PR was created via Warp's AI Agent Mode

[oz-for-oss]

@SagarSDagdu

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

[oz-for-oss]

Overview

This PR updates the new MCP server save path to run the existing templatable MCP server secret detection before creating templates, matching the edit-existing path.

Concerns

• The change is user-facing because it alters the MCP Servers + Add save flow and expected error toast, but the PR does not include screenshots or a screen recording demonstrating the actionable secret-redaction toast end to end. For this user-facing change, please include screenshots or a screen recording demonstrating it working end to end.

Verdict

Found: 0 critical, 1 important, 0 suggestions

Request changes

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

[SagarSDagdu]

/oz-review I added video of the fix.

[oz-for-oss]

@SagarSDagdu

I'm re-reviewing this pull request in response to a review request.

You can view the conversation on Warp.

I reviewed this pull request and requested human review from: @lucieleblanc.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

Oz no longer requests changes for this pull request after the latest automated review.

[oz-for-oss]

Overview

This PR adds the missing local secret-redaction guard to the new MCP server +Add save path before templatable MCP servers are created or installed.

Concerns

• No blocking correctness, security, or spec-alignment concerns found in the changed hunk.

Verdict

Found: 0 critical, 0 important, 0 suggestions

Approve

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

[SagarSDagdu]

@peicodes can you take a look at this? A very small but important change in the MCP addition.

[vkodithala]

Hey @SagarSDagdu, I'm taking over here. Will take a look later today!

[vkodithala]

This is a great, well-scoped PR. Great job!

Added a small comment that's non-blocking. I like that you didn't make an extra test here. Approved, will merge once CI passes.