mcp_rails_template

The `ApplicationGateway` in development mode is configured with `ActionMCP::NoneIdentifier`, meaning MCP endpoints are accessible without authentication. This is suitable for local development but poses a significant security risk if deployed without implementing proper authentication (e.g., API keys, JWT, OAuth as suggested for production in `config/mcp.yml`). Tools like `rubocop_tool` and `ruby_code_analyzer_tool` process provided code snippets and project files; while they are designed for analysis rather than arbitrary code execution, care must be taken regarding the scope of code they can access if exposed without proper authorization. `fetch_weather_by_location_tool` makes external API calls to Open-Meteo, which is a known endpoint, but external network requests always carry a minimal risk. Default PostgreSQL credentials in `docker-compose.yml` are for local development only.