- Remove hardcoded API key and URL from debug-n8n-auth.ts
- Require environment variables with proper validation
- Add comprehensive SECURITY.md with best practices
- Address security concerns raised in issue #18

The SecureKeyGuard alert was a false positive (mistaking "validate_workflow" for "VAULT_TOKEN"), but the review uncovered actual hardcoded credentials that have now been removed.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>