Add community health files and improve docs

- Add CONTRIBUTING.md with bug report, feature request, dev setup, and PR process
- Add SECURITY.md with supported versions and 48h acknowledgment contact
- Update CHANGELOG.md with Keep a Changelog format header, [Unreleased] section, and v0.0.1 initial release entry
- Update README.md Contributing section to link to CONTRIBUTING.md and add SECURITY.md link in Security section

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: cablate

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.0.48]
+
+- feat: batch keyword scanning for local rank tracker (#68)
+
 ## 0.0.47
 
 - feat: dual-sort reviews — merge relevant + newest for ~10 reviews per place (#64)
@@ -170,3 +181,19 @@
 - Enhanced error handling and logging
 - Added comprehensive tool descriptions for LLM integration
 - Updated to latest MCP SDK version
+
+## [0.0.1] - 2025-02-22
+
+### Added
+
+- Initial release of mcp-google-map MCP server
+- `search_nearby` tool: search for places near a location by keyword, radius, open-now filter, and minimum rating
+- `get_place_details` tool: retrieve detailed information for a place by its Google Maps Place ID
+- `@googlemaps/google-maps-services-js` integration
+- `@modelcontextprotocol/sdk` integration
+- `GOOGLE_MAPS_API_KEY` environment variable support via `dotenv`
+- npm global install support (`@cablate/mcp-google-map`)
+
+[Unreleased]: https://github.com/cablate/mcp-google-map/compare/v0.0.48...HEAD
+[0.0.48]: https://github.com/cablate/mcp-google-map/compare/v0.0.1...v0.0.48
+[0.0.1]: https://github.com/cablate/mcp-google-map/releases/tag/v0.0.1

CONTRIBUTING.md

@@ -0,0 +1,81 @@
+# Contributing to mcp-google-map
+
+Thank you for your interest in contributing. This guide covers how to report bugs, suggest features, set up a dev environment, and submit pull requests.
+
+## Bug Reports
+
+Open an issue at [GitHub Issues](https://github.com/cablate/mcp-google-map/issues) and include:
+
+- A clear title and description
+- Steps to reproduce
+- Expected vs actual behavior
+- Node.js version and OS
+- Any relevant logs or error output
+
+## Feature Suggestions
+
+Open an issue with the label `enhancement`. Describe:
+
+- The problem you are trying to solve
+- Your proposed solution
+- Any alternatives you considered
+
+## Development Setup
+
+**Prerequisites:** Node.js >= 18, npm
+
+```bash
+# Clone the repository
+git clone https://github.com/cablate/mcp-google-map.git
+cd mcp-google-map
+
+# Install dependencies
+npm install
+
+# Build
+npm run build
+```
+
+Copy `.env.example` to `.env` and fill in `GOOGLE_MAPS_API_KEY` before running locally.
+
+### Running Tests
+
+```bash
+# Smoke tests (no API key required)
+npm test
+
+# Full E2E tests (requires GOOGLE_MAPS_API_KEY)
+npm run test:e2e
+```
+
+## Pull Request Process
+
+1. Fork the repository and create a branch from `main`:
+   ```bash
+   git checkout -b feat/your-feature-name
+   ```
+2. Make your changes and ensure the build and tests pass:
+   ```bash
+   npm run build
+   npm test
+   ```
+3. Commit using a clear message in the imperative mood (e.g., `feat: add place autocomplete tool`).
+4. Push your branch and open a pull request against `main`.
+5. Fill in the PR description, link any related issues, and wait for a review.
+6. Once approved and all checks pass, the maintainer will merge.
+
+## Code Style
+
+- TypeScript strict mode is expected.
+- Keep tool definitions under `src/tools/maps/`.
+- Use `camelCase` for variables/functions, `PascalCase` for classes/interfaces, `UPPER_SNAKE_CASE` for constants.
+- Match the existing file and naming conventions.
+- Run `npm run build` before committing — the build must pass cleanly.
+
+## Questions?
+
+Reach out at [reahtuoo310109@gmail.com](mailto:reahtuoo310109@gmail.com) or open a GitHub Discussion.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the [MIT License](LICENSE).

README.md

@@ -311,6 +311,8 @@ skills/
 
 For enterprise security reviews, see [Security Assessment Clarifications](./SECURITY_ASSESSMENT.md) — a 23-item checklist covering licensing, data protection, credential management, tool contamination, and AI agent execution environment verification.
 
+To report a vulnerability, see [SECURITY.md](SECURITY.md).
+
 ## Roadmap
 
 ### Recent Additions
@@ -359,7 +361,7 @@ MIT
 
 ## Contributing
 
-Community participation and contributions are welcome!
+Community participation and contributions are welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, coding guidelines, and the pull request process.
 
 - Submit Issues: Report bugs or provide suggestions
 - Create Pull Requests: Submit code improvements

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 0.x (current) | Yes |
+
+Only the latest release in the `0.x` line receives security fixes.
+
+## Reporting a Vulnerability
+
+**Please do not open a public GitHub issue for security vulnerabilities.**
+
+Email the maintainer directly at **reahtuoo310109@gmail.com** with:
+
+- A description of the vulnerability
+- Steps to reproduce or a proof-of-concept
+- The potential impact
+- Any suggested mitigations (optional)
+
+You will receive an acknowledgment within **48 hours**. After triage, we will work with you on a coordinated disclosure timeline.
+
+## Scope
+
+The primary security concern for this project is the handling of the `GOOGLE_MAPS_API_KEY` environment variable. Never commit your API key to version control. Use `.env` files that are listed in `.gitignore`.
+
+For a detailed security assessment, see [SECURITY_ASSESSMENT.md](./SECURITY_ASSESSMENT.md).