fix: SEC-4/SEC-5 CSP lockdown + IPC-1 serde camelCase

- Set restrictive CSP policy (was null)
- Gate devtools behind feature flag
- Set withGlobalTauri: false
- Add camelCase serde rename to ConnectionGroup

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src-tauri/Cargo.toml

@@ -12,11 +12,15 @@ crate-type = ["lib", "cdylib", "staticlib"]
 name = "wraith-mcp-bridge"
 path = "src/bin/wraith_mcp_bridge.rs"
 
+[features]
+default = []
+devtools = ["tauri/devtools"]
+
 [build-dependencies]
 tauri-build = { version = "2", features = [] }
 
 [dependencies]
-tauri = { version = "2", features = ["devtools"] }
+tauri = { version = "2", features = [] }
 tauri-plugin-shell = "2"
 tauri-plugin-updater = "2"
 anyhow = "1"

src-tauri/src/connections/mod.rs

@@ -19,6 +19,7 @@ use crate::db::Database;
 // ── domain types ──────────────────────────────────────────────────────────────
 
 #[derive(Debug, Serialize, Deserialize, Clone)]
+#[serde(rename_all = "camelCase")]
 pub struct ConnectionGroup {
     pub id: i64,
     pub name: String,

src-tauri/tauri.conf.json

@@ -22,9 +22,9 @@
       }
     ],
     "security": {
-      "csp": null
+      "csp": "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' asset: https://asset.localhost data:; connect-src 'self' ipc: http://ipc.localhost"
     },
-    "withGlobalTauri": true
+    "withGlobalTauri": false
   },
   "bundle": {
     "active": true,