Initial commit

skills/mcp-server-creator/workflow/phase-4-security.md

@@ -0,0 +1,61 @@
+# Phase 4: Environment & Security
+
+**Purpose**: Secure secrets and configure environment
+
+## Generate .env.example
+
+```bash
+# API Keys and Secrets
+API_KEY=your_api_key_here
+DATABASE_URL=postgresql://user:pass@localhost:5432/db
+
+# Server Configuration
+PORT=3000
+LOG_LEVEL=info
+```
+
+## Generate .gitignore
+
+```
+# Dependencies
+node_modules/
+.venv/
+__pycache__/
+
+# Build outputs
+build/
+dist/
+*.pyc
+
+# Environment
+.env
+.env.local
+
+# IDE
+.vscode/
+.idea/
+*.swp
+
+# Logs
+*.log
+
+# OS
+.DS_Store
+Thumbs.db
+```
+
+## Security Best Practices
+
+- ✓ Never commit .env files
+- ✓ Use environment variables for all secrets
+- ✓ Validate all inputs with schemas
+- ✓ Implement proper error handling (don't leak internals)
+- ✓ Use HTTPS for HTTP transport servers
+
+## Output
+
+Secure configuration with secrets management
+
+## Transition
+
+Proceed to Phase 5 (Claude Desktop Integration)