fix(security): validate server_id in cmdConnect and cmdEnterAgent (#1925)

All other connection fields (ip, user, server_name) are validated
against injection before being passed to shell commands, but server_id
was skipped in both cmdConnect and cmdEnterAgent despite being used as
a daytona ssh argument (line 2922). This inconsistency existed while
execDeleteServer, mergeLastConnection, and the headless code path all
correctly validated server_id.

Adds the missing `if (connection.server_id) { validateServerIdentifier(...) }`
guard in both functions, matching the existing server_name pattern.

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openrouter/spawn",
-  "version": "0.10.11",
+  "version": "0.10.12",
   "type": "module",
   "bin": {
     "spawn": "cli.js"

packages/cli/src/commands.ts

@@ -2766,6 +2766,9 @@ async function cmdConnect(connection: VMConnection): Promise<void> {
     if (connection.server_name) {
       validateServerIdentifier(connection.server_name);
     }
+    if (connection.server_id) {
+      validateServerIdentifier(connection.server_id);
+    }
   } catch (err) {
     p.log.error(`Security validation failed: ${getErrorMessage(err)}`);
     p.log.info("Your spawn history file may be corrupted or tampered with.");
@@ -2830,6 +2833,9 @@ async function cmdEnterAgent(connection: VMConnection, agentKey: string, manifes
     if (connection.server_name) {
       validateServerIdentifier(connection.server_name);
     }
+    if (connection.server_id) {
+      validateServerIdentifier(connection.server_id);
+    }
   } catch (err) {
     p.log.error(`Security validation failed: ${getErrorMessage(err)}`);
     p.log.info("Your spawn history file may be corrupted or tampered with.");