docs(README): fix stale version + 'future' mobile-mcp wording (#118)

dadachi · web-flow · commit 984f42ca2f32 · 2026-06-12T19:18:44.000+09:00
Two inaccuracies surfaced by an audit against the code:

- Contributing section said "stable now (v0.1.x)" and "CONTRIBUTING.md
  will land alongside v0.2" — but the package is 0.2.1 (tags v0.2.0/
  v0.2.1 exist) and the header already says "0.2.1 stable". Update to
  v0.2.x and drop the shipped-version reference.
- Security section listed "the future mobile-mcp client" among scrubbed
  subprocesses, but mobile-mcp is already spawned with scrubbedEnv()
  (src/mobile.ts:89). Drop "future".
diff --git a/README.md b/README.md
@@ -284,7 +284,7 @@ Report flags:
 
 **Don't** paste a real key into shell history (`HISTFILE` captures it), commit a `.env`, or echo the key into a non-private channel.
 
-The agent strips `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, and `NATIVEAPPTEMPLATE_AGENT_ANTHROPIC_KEY` from the environment of every subprocess it spawns — Ruby scripts, `git`, `psql`, `xcodebuild`, `gradlew`, the future mobile-mcp client. Keys are only seen by the Anthropic SDK in the Node process. Set spend limits on your API workspace as a backstop, and rotate the key if you suspect leak.
+The agent strips `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, and `NATIVEAPPTEMPLATE_AGENT_ANTHROPIC_KEY` from the environment of every subprocess it spawns — Ruby scripts, `git`, `psql`, `xcodebuild`, `gradlew`, the mobile-mcp client. Keys are only seen by the Anthropic SDK in the Node process. Set spend limits on your API workspace as a backstop, and rotate the key if you suspect leak.
 
 ## Project docs
 
@@ -294,7 +294,7 @@ The agent strips `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, and `NATIVEAPPTEMP
 
 ## Contributing
 
-Issues and PRs welcome. The repository is stable now (v0.1.x) — no more hackathon-pace rewrites. A `CONTRIBUTING.md` with detailed guidelines will land alongside v0.2.
+Issues and PRs welcome. The repository is stable now (v0.2.x) — no more hackathon-pace rewrites. A `CONTRIBUTING.md` with detailed guidelines is still to come.
 
 For now, the simplest path is: open an issue describing what you're trying to do, and we'll figure out the right shape together before code lands. Bug reports with reproducible commands (and the `/tmp/<dir>/tmp/trace/` log) are especially welcome.
 
