Missing Authentication for Critical Function
CVE-2026-44895
Summary
A review of mcp-gitlab-server at commit 80a7b4cf3fba6b55389c0ef491a48190f7c8996a uncovered that the SSE HTTP transport -- advertised in the README and comparison table as a differentiating feature -- runs with no authentication and wildcard CORS on every endpoint. The maintainers' own roadmap confirms auth is a known gap.

When `USE_SSE=true`, the HTTP server in `src/transport.ts` sets:

```
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
```

The `httpServer.listen(port)` call at line 97 passes no host argument -- Node.js defaults to 0.0.0.0, binding on all interfaces.

Two endpoints are exposed with no credential check:

- `GET /sse` -- opens an SSE connection, returns a session endpoint URL
- `POST /messages?sessionId=<id>` -- sends MCP messages to the server using the loaded `GITLAB_PERSONAL_ACCESS_TOKEN`

Any caller who can reach the port -- LAN, cloud instance, or via the browser-tab vector the wildcard CORS enables -- gets full access to all 86 tools the server exposes using the operator's GitLab PAT. That includes `delete_repository`, `delete_group`, `push_files`, `create_merge_request`, `update_repository_settings`, and any other tool the server exposes. The PAT doesn't leave the process, but every API call it backs is available to the unauthenticated caller.

The wildcard CORS makes the browser-tab vector direct: any web page the operator visits while the server is running can open an SSE connection and make tool calls via cross-origin fetch. No user interaction is needed beyond visiting the page.

This issue affects @yoda.digital/gitlab-mcp-server versions prior to 0.6.0.
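The following is an added example, not code from mcp-gitlab-server, showing how an SSE/HTTP MCP transport can close the three gaps the advisory describes: it keeps the permissive headers only as the "before", requires a bearer token on `/sse` and `/messages`, replaces the wildcard CORS with an origin allow-list, and binds to loopback unless the operator opts in to another host. The names `gateRequest`, `startServer`, `ALLOWED_ORIGINS`, `MCP_AUTH_TOKEN` and the sample configuration are assumptions for the illustration.

```javascript
// Added example (not the project's code): a request gate for an SSE/HTTP MCP
// transport. Names such as gateRequest, startServer and MCP_AUTH_TOKEN are
// assumptions made for this illustration.

// The permissive headers quoted in the advisory, kept only as the "before".
function permissiveHeaders() {
  return {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Methods': 'GET, POST',
    'Access-Control-Allow-Headers': 'Content-Type',
  };
}

// Constant-time comparison so the token check does not leak prefix matches
// through timing; the length difference is folded into the same accumulator.
function safeEqual(a, b) {
  const len = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < len; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Accept only "Authorization: Bearer <token>" equal to the configured secret.
function isAuthorized(headers, expectedToken) {
  const value = headers['authorization'] || '';
  const [scheme, token] = value.split(' ');
  if (scheme !== 'Bearer' || !token) return false;
  return safeEqual(token, expectedToken);
}

// CORS headers only for an allow-listed origin; any other origin gets none,
// so a page on another site can neither read responses nor pass preflight.
function corsHeadersFor(origin, allowedOrigins) {
  if (!origin || !allowedOrigins.includes(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Vary': 'Origin',
    'Access-Control-Allow-Methods': 'GET, POST',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
  };
}

// Decide how to answer a request before any MCP handling runs.
// req is { method, url, headers } with lower-case header names, as Node's
// http.IncomingMessage provides. Returns { status, headers, reason }.
function gateRequest(req, config) {
  const origin = req.headers['origin'];
  const cors = corsHeadersFor(origin, config.allowedOrigins);

  // Browser preflight succeeds only for allow-listed origins.
  if (req.method === 'OPTIONS') {
    return origin && Object.keys(cors).length > 0
      ? { status: 204, headers: cors, reason: 'preflight ok' }
      : { status: 403, headers: {}, reason: 'origin not allowed' };
  }

  // A foreign Origin is refused even with a valid token: the token check
  // alone would still execute a cross-site request before CORS hides the reply.
  if (origin && !config.allowedOrigins.includes(origin)) {
    return { status: 403, headers: {}, reason: 'origin not allowed' };
  }

  if (!isAuthorized(req.headers, config.token)) {
    return { status: 401, headers: { 'WWW-Authenticate': 'Bearer' }, reason: 'missing or bad token' };
  }

  const { pathname } = new URL(req.url, 'http://localhost');
  if (pathname !== '/sse' && pathname !== '/messages') {
    return { status: 404, headers: {}, reason: 'unknown endpoint' };
  }
  return { status: 200, headers: cors, reason: 'ok' };
}

// Bind to loopback unless the operator explicitly chooses another host:
// listen(port) with no host binds every interface, which is the exposure the
// advisory describes. The dynamic import keeps the gate usable without a server.
async function startServer(config, onMcpRequest) {
  const http = await import('node:http');
  const server = http.createServer((req, res) => {
    const verdict = gateRequest(req, config);
    for (const [name, value] of Object.entries(verdict.headers)) res.setHeader(name, value);
    if (verdict.status !== 200) {
      res.writeHead(verdict.status).end(verdict.reason);
      return;
    }
    onMcpRequest(req, res); // hand off to the real /sse and /messages handlers
  });
  await new Promise((resolve) => server.listen(config.port, config.host || '127.0.0.1', resolve));
  return server;
}

// Constructed configuration for the illustration. In a real deployment the
// token would come from an environment variable such as MCP_AUTH_TOKEN.
const EXAMPLE_CONFIG = {
  port: 3000,
  allowedOrigins: ['http://localhost:3000'],
  token: 'constructed-example-token',
};
```

The gate treats the origin check and the token check as independent layers: an `EventSource` cannot attach an `Authorization` header, and a cross-site `fetch` carrying one triggers a preflight that fails for non-allow-listed origins, so the browser-tab vector is closed even before the token is examined.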
CWE-306 - Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References
Advisory Timeline
- Published