⚡ Bolt: canonicalize documentation links and fix broken security URLs

[soktri3]

💡 What: Updated documentation and community links across the organization profile to use their final canonical destination URLs. This includes fixing broken repository references and adding trailing slashes to external documentation links.

🎯 Why: Using non-canonical URLs (e.g., those missing trailing slashes or using old repository names) triggers server-side HTTP redirects (301, 302, 307, or 308). Each redirect adds at least one extra network round-trip (RTT), which can significantly delay page load or documentation navigation for users, especially on higher-latency connections.

📊 Impact:

• Latency Reduction: Eliminates ~50ms to 400ms of unnecessary network latency per link click.
• Reliability: Replaces the unreliable/broken spec.modelcontextprotocol.io with the stable canonical specification URL.
• Security: Fixes a 404 error in the security policy by pointing to the correct HackerOne organization endpoint.

🔬 Measurement: Verified using curl -s -o /dev/null -w "%{http_code} -> %{url_effective}\n" [URL]. All updated links now return 200 OK directly or lead to the final versioned destination without redundant intermediate redirects.

---

PR created automatically by Jules for task 14276889818735526820 started by @soktri3

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[gemini-code-assist]

Code Review

This pull request updates various documentation links across the repository, including security reporting URLs, specification references, and community resources. Key changes include migrating links from the specification repository to the main modelcontextprotocol repository and updating HackerOne reporting paths. A review comment points out an inconsistency in profile/README.md where a discussion link was updated to a repository-level URL while other parts of the documentation still point to the organization-level discussions, suggesting a revert to maintain consistency.

[gemini-code-assist]

This change introduces an inconsistency within the file and across the project's documentation. Line 18 of this same file still points to the organization-level discussions (https://github.com/orgs/modelcontextprotocol/discussions), as does line 10 of the root CONTRIBUTING.md for general discussions. Updating this link to the repository-level discussions while leaving the others pointing to the organization level creates confusion about the canonical 'community forum'. It is recommended to keep this link pointing to the organization-level discussions to maintain consistency.

Suggested change

	Have questions? Join the discussion in our [community forum](https://github.com/modelcontextprotocol/modelcontextprotocol/discussions).
	Have questions? Join the discussion in our [community forum](https://github.com/orgs/modelcontextprotocol/discussions).

[qodo-code-review]

Review Summary by Qodo

Canonicalize documentation links and fix broken security URLs

✨ Enhancement

Walkthroughs

Description

• Canonicalize specification URL from subdomain to main domain
• Fix broken HackerOne security submission links
• Add trailing slashes to Contributor Covenant documentation URLs
• Update Mozilla diversity repository to inclusion repository
• Redirect specification discussions to correct repository

Diagram

flowchart LR
  A["Non-canonical URLs"] -->|"Remove redirects"| B["Canonical URLs"]
  C["Broken security links"] -->|"Fix endpoints"| D["Valid HackerOne URLs"]
  E["Missing trailing slashes"] -->|"Add slashes"| F["Proper URL format"]
  G["Outdated repo references"] -->|"Update names"| H["Current repo names"]

Loading

File Changes

1. CODE_OF_CONDUCT.md ✨ Enhancement +3/-3

Fix Mozilla link and add trailing slashes

• Updated Mozilla diversity repository link to inclusion
• Added trailing slashes to Contributor Covenant FAQ and translations URLs

CODE_OF_CONDUCT.md

---

2. CONTRIBUTING.md ✨ Enhancement +1/-1

Redirect specification discussions to correct repo

• Updated specification discussions link from specification repository to modelcontextprotocol
 repository

CONTRIBUTING.md

---

3. SECURITY.md 🐞 Bug fix +2/-2

Fix broken HackerOne security submission URLs

• Fixed HackerOne submission form URL from anthropic-vdp to anthropic
• Fixed HackerOne program page URL from anthropic-vdp to anthropic

SECURITY.md

---

View more (3)

4. profile/CODE_OF_CONDUCT.md ✨ Enhancement +3/-3

Fix Mozilla link and add trailing slashes

• Updated Mozilla diversity repository link to inclusion
• Added trailing slashes to Contributor Covenant FAQ and translations URLs

profile/CODE_OF_CONDUCT.md

---

5. profile/CONTRIBUTING.md ✨ Enhancement +1/-1

Redirect specification contributions to correct repo

• Updated specification contributions link from specification repository to modelcontextprotocol
 repository

profile/CONTRIBUTING.md

---

6. profile/README.md ✨ Enhancement +3/-3

Canonicalize specification URL and fix discussions link

• Changed specification URL from spec.modelcontextprotocol.io subdomain to
 modelcontextprotocol.io/specification
• Updated community forum discussions link from modelcontextprotocol to
 modelcontextprotocol/modelcontextprotocol

profile/README.md

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0)

1. Conflicting discussion links 🐞 Bug ⚙ Maintainability

Description

profile/README.md now links the generic “community forum” call-to-action to the
modelcontextprotocol/modelcontextprotocol repo discussions, while the same README’s header
“Discussions” link and CONTRIBUTING.md still direct general discussions to the organization
discussions page. This creates conflicting guidance about where users should ask questions, likely
splitting traffic across two discussion boards.

Code

profile/README.md[50]

Evidence

The profile README now contains two different “discussions” destinations, while CONTRIBUTING.md
still instructs users to use org discussions for general topics, making the profile README’s generic
CTA inconsistent with the documented guidance.

profile/README.md[15-19]
profile/README.md[47-51]
CONTRIBUTING.md[7-12]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`profile/README.md` points to two different discussion destinations:
- Header nav “Discussions” -> org discussions
- “community forum” -> `modelcontextprotocol/modelcontextprotocol` repo discussions

Given `CONTRIBUTING.md` still directs **general** discussions to org discussions, the generic “Have questions?” CTA in the profile README is now ambiguous and can misroute users.

### Issue Context
This PR also moved “specification discussions” to the main `modelcontextprotocol/modelcontextprotocol` repo discussions, suggesting an intentional consolidation for spec-related discussion. The profile README CTA should either:
- Keep pointing general questions to org discussions, or
- Explicitly state it’s for spec/main-repo discussions and update the header link to match (or add a short clarification distinguishing the two).

### Fix Focus Areas
- profile/README.md[15-19]
- profile/README.md[47-51]
- CONTRIBUTING.md[7-12]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fb1839f52b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Point community forum link to organization discussions

This change routes the “community forum” to modelcontextprotocol/modelcontextprotocol/discussions, which is the spec-repo discussion board, not the org-wide forum used elsewhere for general questions. In this repo, CONTRIBUTING.md explicitly separates spec-specific discussions from general organization discussions, and the same README header still links to orgs/modelcontextprotocol/discussions; keeping this link repo-scoped can misdirect non-spec questions and fragment discussion traffic.

Useful? React with 👍 / 👎.