[SECURITY] E2-6: MCP batch_create_sessions and create_pipeline have unbounded arrays

## Finding

**ID:** MCP-2, MCP-3 | **Severity:** 🟠 MEDIUM

`batch_create_sessions.sessions` and `create_pipeline.steps` accept arrays with no max length. An agent could submit 1,000+ sessions in one call.

## Fix Required

Add `.max(50)` constraint to both array schemas in `src/mcp-server.ts`.

**Files:** `src/mcp-server.ts`

## Acceptance Criteria

A `batch_create_sessions` call with 51 items returns a validation error.

## Milestone

M-E2: Identity & Access Control

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[SECURITY] E2-6: MCP batch_create_sessions and create_pipeline have unbounded arrays #1408

Finding

Fix Required

Acceptance Criteria

Milestone

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

[SECURITY] E2-6: MCP batch_create_sessions and create_pipeline have unbounded arrays #1408

Description

Finding

Fix Required

Acceptance Criteria

Milestone

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions