feat: Phase 4 Behavioral Control Plane (v3.3.0)

- lib/fsm-journey.ts: JourneyFSM, ToolAuthorizationMatrix, ComplianceMiddleware,
  ComplianceViolationError, createDeliveryPipelineFSM, WORKFLOW_STATES
- lib/compliance-monitor.ts: ComplianceMonitor with async polling loop,
  RESPONSE_TIMEOUT, JOURNEY_TIMEOUT, TURN_TAKING, TOOL_ABUSE violation detection
- lib/mcp-blackboard-tools.ts: BlackboardMCPTools, registerBlackboardTools,
  BLACKBOARD_TOOL_DEFINITIONS (5 MCP-compatible tool definitions)
- index.ts: Phase 4 exports wired in
- test-phase4.ts: 147 tests covering all Phase 4 modules
- README.md: Phase 4 features, usage example, updated test count (462)
- SKILL.md: Phase 4 section + updated description
- CONTRIBUTING.md, SECURITY.md: updated for v3.3.0
- package.json: test:phase4 + test:all includes phase4, version 3.3.0

Total tests: 462 passing (79 + 33 + 139 + 64 + 147)

Author: jovanSAPFIONEER

CONTRIBUTING.md

@@ -16,7 +16,7 @@ Unsolicited PRs without a linked, approved issue will be closed.
 
 ### Code Quality
 
-- All 251+ existing tests must pass (`npm test`)
+- All 462+ existing tests must pass (`npm run test:all`)
 - Zero TypeScript compile errors (`npx tsc --noEmit`)
 - New features must include tests with >90% branch coverage
 - Follow existing code style and patterns
@@ -41,7 +41,7 @@ Unsolicited PRs without a linked, approved issue will be closed.
 2. Implement your change with tests
 3. Run the full test suite:
    ```bash
-   npm test
+   npm run test:all
    npx tsc --noEmit
    ```
 4. Open a PR referencing the approved issue
@@ -78,7 +78,8 @@ Unsolicited PRs without a linked, approved issue will be closed.
 git clone https://github.com/jovanSAPFIONEER/Network-AI.git
 cd Network-AI
 npm install
-npm test          # Run all 251 tests
+npm run test:all  # Run all 462 tests (5 suites)
+npm run test:phase4  # Phase 4 behavioral control plane tests only
 npx tsc --noEmit  # Type-check
 ```
 

SECURITY.md

@@ -4,12 +4,11 @@
 
 | Version | Supported |
 |---------|-----------|
-| 3.2.x   | Yes (latest) |
-| 3.1.x   | Security fixes only |
-| 3.0.x   | No        |
-| < 3.0   | No        |
-
-## Reporting a Vulnerability
+| 3.3.x   | Yes (latest) |
+| 3.2.x   | Security fixes only |
+| 3.1.x   | No |
+| 3.0.x   | No |
+| < 3.0   | No |
 
 **Do NOT open a public GitHub issue for security vulnerabilities.**
 
@@ -32,12 +31,14 @@ Network-AI includes built-in security features:
 - **Input validation** on all 20+ public API entry points
 - **Secure audit logging** with tamper-resistant event trails
 - **Justification hardening** (v3.2.1) -- prompt-injection detection (16 patterns), keyword-stuffing defense, repetition/padding detection, structural coherence validation
+- **FSM Behavioral Control Plane** (v3.3.0) -- state-scoped agent and tool authorization via `JourneyFSM` and `ToolAuthorizationMatrix`; unauthorized actions blocked with `ComplianceViolationError`
+- **ComplianceMonitor** (v3.3.0) -- real-time agent behavior surveillance with configurable violation policies, severity classification, and async audit loop
 
 ## Security Scan Results
 
 - **VirusTotal**: Benign (0/64 engines)
 - **OpenClaw Scanner**: Benign, HIGH CONFIDENCE
-- **CodeQL**: v3.2.10 -- all fixable alerts resolved; unused imports cleaned; false-positive detection patterns dismissed
+- **CodeQL**: v3.3.0 -- all fixable alerts resolved; unused imports cleaned; false-positive detection patterns dismissed
 - **Snyk**: All High/Medium findings resolved in v3.0.3
 
 ## Disclosure Policy

index.ts

@@ -2176,6 +2176,50 @@ export {
   TimeoutError,
 } from './lib/errors';
 
+// ============================================================================
+// Phase 4: Behavioral Control Plane
+// ============================================================================
+
+// FSM Journey Layer
+export {
+  JourneyFSM,
+  ToolAuthorizationMatrix,
+  ComplianceMiddleware,
+  ComplianceViolationError,
+  createDeliveryPipelineFSM,
+  WORKFLOW_STATES,
+} from './lib/fsm-journey';
+export type {
+  WorkflowStateDefinition,
+  StateTransition,
+  TransitionResult,
+  ComplianceCheckResult,
+  JourneyFSMOptions,
+} from './lib/fsm-journey';
+
+// Real-Time Compliance Monitor
+export { ComplianceMonitor } from './lib/compliance-monitor';
+export type {
+  ComplianceViolation,
+  ViolationType,
+  AgentAction,
+  AgentMonitorConfig,
+  ComplianceMonitorOptions,
+} from './lib/compliance-monitor';
+
+// MCP Blackboard Tool Bindings
+export {
+  BlackboardMCPTools,
+  registerBlackboardTools,
+  BLACKBOARD_TOOL_DEFINITIONS,
+} from './lib/mcp-blackboard-tools';
+export type {
+  MCPToolDefinition,
+  MCPJsonSchema,
+  BlackboardToolResult,
+  IBlackboard,
+} from './lib/mcp-blackboard-tools';
+
 /**
  * Factory function for creating a configured SwarmOrchestrator instance.
  *