> ## Documentation Index
> Fetch the complete documentation index at: https://fred-mcp-server.amorelli.tech/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Security policy and vulnerability reporting

# Security Policy

## Supported Versions

| Version | Supported |
| ------- | --------- |
| 1.x.x   | ✅ Yes     |
| \< 1.0  | ❌ No      |

## Reporting a Vulnerability

If you discover a security vulnerability, please email [stefano@amorelli.tech](mailto:stefano@amorelli.tech) instead of using the public issue tracker.

Include:

* Description of the vulnerability
* Steps to reproduce
* Potential impact
* Suggested fix (if any)

## Response Timeline

* **Acknowledgment**: Within 48 hours
* **Initial Assessment**: Within 1 week
* **Fix Timeline**: Varies by severity
* **Public Disclosure**: After fix is released

## Security Best Practices

<AccordionGroup>
  <Accordion title="API Key Protection">
    * Never commit API keys to version control
    * Use environment variables
    * Rotate keys periodically
    * Use separate keys for dev/prod
  </Accordion>

  <Accordion title="Dependency Security">
    * Keep dependencies updated
    * Review security advisories
    * Use `npm audit` regularly
  </Accordion>

  <Accordion title="Safe Usage">
    * Validate all user inputs
    * Don't expose keys in logs
    * Use HTTPS for API calls
    * Implement rate limiting
  </Accordion>
</AccordionGroup>

## Known Issues

Check [GitHub Security Advisories](https://github.com/stefanoamorelli/fred-mcp-server/security/advisories) for current issues.

## Next Steps

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/core-concepts/authentication">
    API key setup
  </Card>

  <Card title="Contributing" icon="code-pull-request" href="/community/contributing">
    Contribute securely
  </Card>
</CardGroup>
