docs: add community standards (CoC, Security, Contributing, issue/PR templates)

Author: jovanSAPFIONEER

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,41 @@
+---
+name: Bug Report
+about: Report a bug in Network-AI
+title: "[BUG] "
+labels: bug
+assignees: jovanSAPFIONEER
+---
+
+## Describe the Bug
+
+A clear description of what the bug is.
+
+## To Reproduce
+
+Steps to reproduce the behavior:
+
+1. Install version `...`
+2. Run this code:
+```typescript
+// Minimal reproduction
+```
+3. See error
+
+## Expected Behavior
+
+What you expected to happen.
+
+## Actual Behavior
+
+What actually happened. Include error messages or stack traces.
+
+## Environment
+
+- **Network-AI version**: 
+- **Node.js version**: 
+- **OS**: 
+- **TypeScript version**: 
+
+## Additional Context
+
+Any other context, screenshots, or logs.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,35 @@
+---
+name: Feature Request
+about: Suggest a feature for Network-AI
+title: "[FEATURE] "
+labels: enhancement
+assignees: jovanSAPFIONEER
+---
+
+## Problem Statement
+
+Describe the problem this feature would solve. What are you trying to do that you can't do today?
+
+## Proposed Solution
+
+Describe how you'd like this to work. Include API examples if possible:
+
+```typescript
+// How you'd expect to use this feature
+```
+
+## Alternatives Considered
+
+List any alternative solutions or workarounds you've considered.
+
+## Use Case
+
+Who benefits from this feature? What scenario does it enable?
+
+## Implementation Notes
+
+If you have thoughts on implementation approach, share them here. This is optional.
+
+---
+
+**Note:** Feature requests require maintainer approval before any PR is submitted. See [CONTRIBUTING.md](../../CONTRIBUTING.md).

.github/ISSUE_TEMPLATE/security.md

@@ -0,0 +1,36 @@
+---
+name: Security Vulnerability
+about: Report a security issue (use Security Advisories for private reports)
+title: "[SECURITY] "
+labels: security
+assignees: jovanSAPFIONEER
+---
+
+**STOP -- Is this a sensitive security vulnerability?**
+
+If yes, do NOT open this issue. Instead, report privately via [Security Advisories](https://github.com/jovanSAPFIONEER/Network-AI/security/advisories).
+
+---
+
+For non-sensitive security improvements (e.g., hardening suggestions, best practice recommendations):
+
+## Description
+
+What security improvement are you suggesting?
+
+## Current Behavior
+
+How does Network-AI currently handle this?
+
+## Suggested Improvement
+
+What should change?
+
+## Impact
+
+What is the risk level if this is not addressed?
+
+- [ ] Critical -- active exploitation possible
+- [ ] High -- exploitable under specific conditions
+- [ ] Medium -- defense-in-depth improvement
+- [ ] Low -- best practice alignment

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,39 @@
+## Description
+
+Brief description of what this PR does.
+
+**Linked Issue:** Fixes #___
+
+## Type of Change
+
+- [ ] Bug fix (non-breaking change that fixes an issue)
+- [ ] New feature (non-breaking change that adds functionality)
+- [ ] Security fix
+- [ ] Documentation update
+- [ ] Performance improvement
+
+## Checklist
+
+- [ ] I have an **approved issue** linked above
+- [ ] All **251+ tests pass** (`npm test`)
+- [ ] **Zero compile errors** (`npx tsc --noEmit`)
+- [ ] I added **new tests** for my changes
+- [ ] I updated **JSDoc** on any new/changed exports
+- [ ] I updated **README.md** (if user-facing)
+- [ ] I updated **CHANGELOG.md** under `[Unreleased]`
+- [ ] No new **runtime dependencies** added
+- [ ] No **hardcoded secrets** or credentials
+- [ ] I have read [CONTRIBUTING.md](../CONTRIBUTING.md)
+
+## Testing
+
+Describe the tests you added or how you verified this change:
+
+```bash
+# Commands used to test
+npm test
+```
+
+## Screenshots / Output
+
+If applicable, paste relevant output or screenshots.

CODE_OF_CONDUCT.md

@@ -0,0 +1,31 @@
+# Code of Conduct
+
+## Our Standards
+
+Network-AI is a professional open-source project. All participants are expected to:
+
+- Be respectful and constructive in all interactions
+- Focus on technical merit in discussions
+- Accept constructive criticism gracefully
+- Prioritize the project's quality and security
+
+## Unacceptable Behavior
+
+- Harassment, trolling, or personal attacks
+- Publishing others' private information
+- Spam, off-topic promotion, or low-effort contributions
+- Any conduct that would be inappropriate in a professional setting
+
+## Scope
+
+This Code of Conduct applies to all project spaces: issues, pull requests, discussions, and any public channel where you represent this project.
+
+## Enforcement
+
+Violations may result in comments being removed, issues being locked, or users being blocked from the repository.
+
+Report issues to the maintainer via [GitHub Issues](https://github.com/jovanSAPFIONEER/Network-AI/issues) or email.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1.

CONTRIBUTING.md

@@ -0,0 +1,87 @@
+# Contributing to Network-AI
+
+Network-AI is a solo-maintained project with high quality standards. Contributions are welcome but must meet strict requirements.
+
+## Before You Start
+
+**All contributions require prior discussion.** Do not open a pull request without an approved issue first.
+
+1. **Open an issue** describing the problem or feature
+2. **Wait for maintainer approval** before writing code
+3. Only after approval, fork and implement
+
+Unsolicited PRs without a linked, approved issue will be closed.
+
+## Requirements for All Contributions
+
+### Code Quality
+
+- All 251+ existing tests must pass (`npm test`)
+- Zero TypeScript compile errors (`npx tsc --noEmit`)
+- New features must include tests with >90% branch coverage
+- Follow existing code style and patterns
+- No new runtime dependencies without prior approval
+
+### Security
+
+- No hardcoded secrets, keys, or credentials
+- No new network calls without explicit justification
+- Input validation required on all public API entry points
+- Path traversal and injection protections where applicable
+
+### Documentation
+
+- JSDoc on all exported functions and classes
+- Update README.md if adding user-facing features
+- Update CHANGELOG.md under `[Unreleased]`
+
+## Pull Request Process
+
+1. Fork the repository and create a branch from `main`
+2. Implement your change with tests
+3. Run the full test suite:
+   ```bash
+   npm test
+   npx tsc --noEmit
+   ```
+4. Open a PR referencing the approved issue
+5. Fill out the PR template completely
+6. Wait for review -- the maintainer reviews all PRs personally
+
+### PR Review Criteria
+
+- Does it solve the approved issue?
+- Are tests comprehensive?
+- Is the code clean and idiomatic TypeScript?
+- Does it maintain backward compatibility?
+- Does it introduce any security concerns?
+
+## What We Accept
+
+- Bug fixes with reproduction steps and tests
+- Security improvements
+- Performance optimizations with benchmarks
+- New adapter implementations (following `BaseAdapter` pattern)
+- Documentation improvements
+
+## What We Do Not Accept
+
+- Breaking API changes without a migration path
+- Features that add external runtime dependencies
+- Code that reduces test coverage
+- Cosmetic-only changes (formatting, renaming)
+- AI-generated code without human review and testing
+
+## Development Setup
+
+```bash
+git clone https://github.com/jovanSAPFIONEER/Network-AI.git
+cd Network-AI
+npm install
+npm test          # Run all 251 tests
+npx tsc --noEmit  # Type-check
+```
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the [MIT License](LICENSE).

SECURITY.md

@@ -0,0 +1,49 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 3.1.x   | Yes       |
+| 3.0.x   | Security fixes only |
+| < 3.0   | No        |
+
+## Reporting a Vulnerability
+
+**Do NOT open a public GitHub issue for security vulnerabilities.**
+
+Instead, please report security issues privately:
+
+1. Go to the [Security Advisories](https://github.com/jovanSAPFIONEER/Network-AI/security/advisories) page
+2. Click **"Report a vulnerability"**
+3. Provide a clear description, reproduction steps, and impact assessment
+
+You will receive an acknowledgment within 48 hours and a detailed response within 7 days.
+
+## Security Measures in Network-AI
+
+Network-AI includes built-in security features:
+
+- **AES-256-GCM encryption** for blackboard data at rest
+- **HMAC-SHA256 signed tokens** via AuthGuardian with trust levels and scope restrictions
+- **Rate limiting** to prevent abuse
+- **Path traversal protection** in the Python blackboard (regex + resolved-path boundary checks)
+- **Input validation** on all 20+ public API entry points
+- **Secure audit logging** with tamper-resistant event trails
+
+## Security Scan Results
+
+- **VirusTotal**: Benign (0/64 engines)
+- **OpenClaw Scanner**: Benign, HIGH CONFIDENCE
+- **Snyk**: All High/Medium findings resolved in v3.0.3
+
+## Disclosure Policy
+
+We follow coordinated disclosure. We will:
+
+1. Confirm the vulnerability and determine its impact
+2. Develop and test a fix
+3. Release a patched version
+4. Credit the reporter (unless anonymity is requested)
+
+We ask that you give us reasonable time to address the issue before any public disclosure.