chore: add community health files and CI workflow

Add contribution, security, and conduct documentation; issue and PR templates; release and dependency automation configuration; and a basic GitHub Actions CI workflow. Also update the English and Chinese READMEs with project health links and a CI badge.

Author: B143KC47

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Report a reproducible problem in the SSH MCP server
+title: "[Bug] "
+labels: [bug]
+assignees: []
+---
+
+## Summary
+
+Describe the problem in one or two sentences.
+
+## Environment
+
+- OS:
+- Node.js version:
+- MCP client:
+- Repository version / commit:
+
+## Steps to reproduce
+
+1.
+2.
+3.
+
+## Expected behavior
+
+What should have happened?
+
+## Actual behavior
+
+What happened instead?
+
+## Relevant config / logs
+
+Paste sanitized snippets only. Do not include private keys, passwords, tokens, or sensitive hostnames.
+
+## Additional context
+
+Anything else that helps reproduce or diagnose the issue.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security issue
+    url: https://github.com/B143KC47/ssh_mcp/blob/main/SECURITY.md
+    about: Please use the security reporting process instead of a public issue.
+  - name: Documentation and setup guide
+    url: https://github.com/B143KC47/ssh_mcp#readme
+    about: Check the README before opening a setup or usage issue.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest a new capability or workflow improvement
+title: "[Feature] "
+labels: [enhancement]
+assignees: []
+---
+
+## Problem to solve
+
+What workflow is currently painful or missing?
+
+## Proposed solution
+
+Describe the change you want to see.
+
+## Why it matters
+
+How would this help users adopt or trust the project?
+
+## Possible design notes
+
+Optional: MCP API shape, SSH behavior, security constraints, or UX considerations.
+
+## Alternatives considered
+
+What other approaches did you evaluate?

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,19 @@
+## Summary
+
+Explain what changed and why.
+
+## Validation
+
+- [ ] `npm run build` passed locally
+- [ ] Docs/examples were updated if needed
+- [ ] I considered security implications
+
+## Checklist
+
+- [ ] This PR is focused and limited in scope
+- [ ] User-facing behavior is documented
+- [ ] Sensitive values are not included in logs, screenshots, or examples
+
+## Notes for reviewers
+
+Anything you want reviewers to pay extra attention to.

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 3

.github/release.yml

@@ -0,0 +1,32 @@
+changelog:
+  categories:
+    - title: 🚀 Features
+      labels:
+        - feature
+        - enhancement
+    - title: 🐛 Fixes
+      labels:
+        - bug
+        - fix
+    - title: 🛡 Security
+      labels:
+        - security
+    - title: 📝 Documentation
+      labels:
+        - documentation
+        - docs
+    - title: 🧰 Maintenance
+      labels:
+        - chore
+        - dependencies
+exclude:
+  labels:
+    - skip-release-notes
+template: |
+  ## What's changed
+
+  $CHANGES
+
+  ## Contributors
+
+  $CONTRIBUTORS

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build

CODE_OF_CONDUCT.md

@@ -0,0 +1,29 @@
+# Code of Conduct
+
+This project aims to be welcoming, practical, and respectful.
+
+## Expected behavior
+
+- Be respectful and constructive
+- Focus feedback on ideas, code, and outcomes
+- Assume good intent, but communicate clearly
+- Help keep discussions useful for contributors from different backgrounds and experience levels
+
+## Unacceptable behavior
+
+- Harassment, insults, or personal attacks
+- Hate speech or discriminatory language
+- Doxxing or sharing private information without consent
+- Repeated spam, trolling, or deliberately disruptive behavior
+
+## Scope
+
+This applies to issues, pull requests, code review, and project discussions.
+
+## Enforcement
+
+The maintainer may edit, hide, lock, or remove content that violates these expectations and may restrict participation for repeated or severe violations.
+
+## Reporting
+
+If you experience or witness a serious conduct issue, report it privately when possible. For non-sensitive moderation problems, a maintainer issue is also acceptable.

CONTRIBUTING.md

@@ -0,0 +1,53 @@
+# Contributing to SSH MCP Server
+
+Thanks for considering a contribution.
+
+## Best ways to contribute
+
+- Report bugs with clear reproduction steps
+- Propose new MCP workflows or SSH safety features
+- Improve docs, examples, and onboarding
+- Submit focused pull requests with one clear goal
+
+## Before you start
+
+1. Search existing issues and pull requests first
+2. For larger changes, open an issue to discuss the use case
+3. Keep security and backwards compatibility in mind
+
+## Local development
+
+```bash
+npm install
+npm run build
+npm run dev -- --project-root .
+```
+
+## Project expectations
+
+- Preserve the security-first design of the server
+- Keep MCP tool names stable unless there is a strong reason to change them
+- Prefer standard OpenSSH behavior over custom configuration formats
+- Update both `README.md` and `README.zh-CN.md` when user-facing behavior changes
+- Update examples when configuration or setup steps change
+
+## Pull request checklist
+
+- [ ] The change solves one clear problem
+- [ ] `npm run build` passes
+- [ ] User-facing changes are documented
+- [ ] New config or workflow behavior is reflected in examples
+- [ ] Security implications were considered
+
+## Reporting security issues
+
+Please do **not** open public issues for vulnerabilities. Follow the process in [SECURITY.md](SECURITY.md).
+
+## Code review style
+
+Smaller, focused pull requests are reviewed faster. If a change is large, explain:
+
+- the user problem
+- the design tradeoffs
+- the security implications
+- how you verified the result

README.md

@@ -1,6 +1,7 @@
 # SSH MCP Server
 
 [![GitHub stars](https://img.shields.io/github/stars/B143KC47/ssh_mcp?style=flat-square)](https://github.com/B143KC47/ssh_mcp/stargazers)
+[![CI](https://github.com/B143KC47/ssh_mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/B143KC47/ssh_mcp/actions/workflows/ci.yml)
 [![License: MIT](https://img.shields.io/badge/license-MIT-green?style=flat-square)](LICENSE)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.x-3178c6?style=flat-square&logo=typescript&logoColor=white)](https://www.typescriptlang.org/)
 [![MCP](https://img.shields.io/badge/MCP-compatible-6e56cf?style=flat-square)](https://modelcontextprotocol.io/)
@@ -10,6 +11,14 @@
 
 Secure SSH access for MCP clients. `ssh_mcp` lets Claude Desktop, VS Code Copilot, Augment, and other MCP-compatible agents run remote commands through a safety-first SSH proxy with OpenSSH config compatibility, connection pooling, and output guardrails.
 
+## Project health
+
+- [Contributing guide](CONTRIBUTING.md)
+- [Security policy](SECURITY.md)
+- [Code of conduct](CODE_OF_CONDUCT.md)
+- [Open an issue](https://github.com/B143KC47/ssh_mcp/issues)
+- [View CI runs](https://github.com/B143KC47/ssh_mcp/actions/workflows/ci.yml)
+
 ## Why developers pick this project
 
 - **Use the SSH config you already know**: standard OpenSSH fields like `Host`, `HostName`, `User`, `Port`, `IdentityFile`, and `ProxyJump`
@@ -221,6 +230,13 @@ npm run inspect
 
 Issues and pull requests are welcome. If you want support for more MCP clients, stronger security policies, or better SSH ergonomics, open an issue and share the workflow you want to enable.
 
+For contributor workflow details, see [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## Community
+
+- Please follow the expectations in [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)
+- For security issues, use [SECURITY.md](SECURITY.md) instead of filing a public bug report
+
 ## License
 
 MIT — see [LICENSE](LICENSE).