# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| latest | :white_check_mark: |
## Reporting a Vulnerability
If you discover a security vulnerability in this project, please report it responsibly.
### How to Report
1. **Do NOT create a public GitHub issue** for security vulnerabilities.
2. Please email the maintainers directly or use [GitHub's private vulnerability reporting](https://github.com/possible055/relace-mcp/security/advisories/new).
3. Include as much detail as possible:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if any)
### Response Timeline
- **Initial Response**: Within 48 hours
- **Status Update**: Within 7 days
- **Resolution Target**: Within 30 days (depending on severity)
### What to Expect
- Acknowledgment of your report
- Regular updates on the progress
- Credit in the release notes (unless you prefer to remain anonymous)
## Security Best Practices
This project follows security best practices including:
- Pinned dependencies with commit SHA verification
- Minimal token permissions in CI/CD workflows
- Regular dependency updates via Dependabot
- OpenSSF Scorecard monitoring
## Disclosure Policy
We follow a coordinated disclosure policy. Please allow us reasonable time to address vulnerabilities before public disclosure.