feat: Enhance CLI tools and settings management

- Added auto-initialization of CSRF token for state-changing requests in cli-manager.js.
- Refactored Claude CLI Tools configuration to separate tools and settings into cli-tools.json and cli-settings.json respectively.
- Introduced new interfaces for Claude CLI Tools and Settings, including support for tags and primary models.
- Implemented loading and saving functions for CLI settings, ensuring backward compatibility with legacy combined config.
- Updated functions to synchronize tags between CLI tools and configuration manager.
- Added error handling and logging for loading and saving configurations.
- Created initial cli-settings.json with default settings.

ccw/src/core/server.ts

@@ -550,15 +550,15 @@ export async function startServer(options: ServerOptions = {}): Promise<http.Ser
 
       // Serve dashboard HTML
       if (pathname === '/' || pathname === '/index.html') {
-        if (isLocalhostRequest(req)) {
-          const tokenResult = tokenManager.getOrCreateAuthToken();
-          setAuthCookie(res, tokenResult.token, tokenResult.expiresAt);
+        // Set session cookie and CSRF token for all requests
+        const tokenResult = tokenManager.getOrCreateAuthToken();
+        setAuthCookie(res, tokenResult.token, tokenResult.expiresAt);
+
+        const sessionId = getOrCreateSessionId(req, res);
+        const csrfToken = getCsrfTokenManager().generateToken(sessionId);
+        res.setHeader('X-CSRF-Token', csrfToken);
+        setCsrfCookie(res, csrfToken, 15 * 60);
 
-          const sessionId = getOrCreateSessionId(req, res);
-          const csrfToken = getCsrfTokenManager().generateToken(sessionId);
-          res.setHeader('X-CSRF-Token', csrfToken);
-          setCsrfCookie(res, csrfToken, 15 * 60);
-        }
         const html = generateServerDashboard(initialPath);
         res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
         res.end(html);