
@guillegarciac

Security Enhancements

This PR adds automated security monitoring and optional rate limiting based on a comprehensive security audit.

Changes

  1. GitHub Dependabot Configuration (.github/dependabot.yml)

    • Automated dependency vulnerability scanning
    • Monitors npm, GitHub Actions, and Docker
    • Weekly scans with grouped updates
  2. Optional Rate Limiting (src/http-server.ts)

    • Disabled by default (opt-in)
    • Enable: ENABLE_RATE_LIMITING=true
    • Configurable via environment variables
    • Uses existing express-rate-limit dependency

Security Impact

  • Proactive vulnerability detection - Automated Dependabot scanning
  • Brute force protection - Optional rate limiting when enabled
  • Zero breaking changes - All features opt-in
  • Zero performance impact - Rate limiting disabled by default

Testing

  • All existing tests pass (3,336 tests)
  • Rate limiting tested when enabled
  • Dependabot configuration validated
  • No breaking changes introduced

Backwards Compatibility

100% Backwards Compatible

  • Dependabot is configuration only
  • Rate limiting disabled by default
  • No changes to existing behavior

Configuration Examples

Enable rate limiting (optional):

```bash
export ENABLE_RATE_LIMITING=true
export RATE_LIMIT_WINDOW_MS=60000 # 1 minute window
export RATE_LIMIT_MAX_REQUESTS=100 # 100 requests per window
```

Security Audit Context

These changes address HIGH and LOW priority recommendations from a comprehensive security audit:

  • Overall security score: 8.5/10 (STRONG)
  • 0 critical vulnerabilities found
  • 11 excellent security implementations validated
  • Based on mcpserver-audit framework (CSA MCP Security Initiative)

Ready for review! All changes are opt-in with zero breaking changes.
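The opt-in rate limiting this PR describes (disabled unless `ENABLE_RATE_LIMITING=true`, window and request cap taken from environment variables), written out as an added example. This is not the PR's code and not express-rate-limit's API: the function and class names (`settingsFromEnv`, `FixedWindowLimiter`, `countAllowed`) are assumed, the defaults simply mirror the values in the configuration example above, and the small fixed-window counter exists only to show what the window and cap mean to a burst of requests. The env object is passed in explicitly; in a server you would pass `process.env`.

```typescript
// Added example, not the PR's own code. Names and defaults are assumptions.

interface RateLimitSettings {
  enabled: boolean;     // false unless ENABLE_RATE_LIMITING is exactly "true"
  windowMs: number;     // length of the counting window in milliseconds
  maxRequests: number;  // requests allowed per client key within one window
}

// Defaults when a variable is unset; they mirror the PR's example values.
const DEFAULT_WINDOW_MS = 60_000;
const DEFAULT_MAX_REQUESTS = 100;

// Parse one numeric setting. Misconfiguration (non-numeric, zero, negative,
// fractional) is rejected rather than silently producing a useless limit.
function positiveInt(raw: string | undefined, fallback: number, name: string): number {
  if (raw === undefined || raw === '') return fallback;
  const n = Number(raw);
  if (!Number.isInteger(n) || n <= 0) {
    throw new Error(`${name} must be a positive integer, got "${raw}"`);
  }
  return n;
}

// Build the settings from an environment map (pass process.env in a server).
function settingsFromEnv(env: Record<string, string | undefined>): RateLimitSettings {
  return {
    enabled: env.ENABLE_RATE_LIMITING === 'true',
    windowMs: positiveInt(env.RATE_LIMIT_WINDOW_MS, DEFAULT_WINDOW_MS, 'RATE_LIMIT_WINDOW_MS'),
    maxRequests: positiveInt(env.RATE_LIMIT_MAX_REQUESTS, DEFAULT_MAX_REQUESTS, 'RATE_LIMIT_MAX_REQUESTS'),
  };
}

// Minimal fixed-window counter keyed by client (e.g. source IP). Illustrative
// only: it stands in for the real middleware to show the window semantics.
class FixedWindowLimiter {
  private readonly counters = new Map<string, { windowStart: number; count: number }>();

  constructor(private readonly settings: RateLimitSettings) {}

  // true when the request may proceed, false once the client has used up
  // maxRequests in the current window. When disabled, nothing is tracked and
  // every request is allowed, which is the "disabled by default" path.
  allow(clientKey: string, now: number): boolean {
    if (!this.settings.enabled) return true;
    const entry = this.counters.get(clientKey);
    if (!entry || now - entry.windowStart >= this.settings.windowMs) {
      this.counters.set(clientKey, { windowStart: now, count: 1 });
      return true;
    }
    entry.count += 1;
    return entry.count <= this.settings.maxRequests;
  }
}

// Replay a burst of request timestamps for one client and count how many
// get through. Useful for checking a configuration before enabling it.
function countAllowed(limiter: FixedWindowLimiter, clientKey: string, times: number[]): number {
  return times.filter((t) => limiter.allow(clientKey, t)).length;
}

// Constructed demo: three requests per second allowed, five arrive in 40 ms.
const demoSettings = settingsFromEnv({
  ENABLE_RATE_LIMITING: 'true',
  RATE_LIMIT_WINDOW_MS: '1000',
  RATE_LIMIT_MAX_REQUESTS: '3',
});
const demoAllowed = countAllowed(new FixedWindowLimiter(demoSettings), '192.0.2.10', [0, 10, 20, 30, 40]);
console.log(`allowed ${demoAllowed} of 5 requests in one window`);
```

Two points worth noting from the code rather than the PR text: a limiter that is off must not allocate per-client state at all, or the "zero performance impact" claim for the default stops being true, and an invalid value such as `RATE_LIMIT_MAX_REQUESTS=0` should fail startup rather than quietly block every request or none.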

@codecov

codecov bot commented Nov 18, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
