jivanu 1.0.0

Jivanu — microbiology engine for growth kinetics, metabolism, genetics, and epidemiology
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in jivanu, please report it
responsibly through **GitHub Security Advisories**:

1. Go to the [Security tab](../../security/advisories) of this repository.
2. Click **"Report a vulnerability"**.
3. Fill in the details and submit.

**Do not open a public issue for security vulnerabilities.**

## Response Timeline

| Action | Target |
|---|---|
| Acknowledgement | Within **48 hours** |
| Initial assessment | Within **5 business days** |
| Fix for critical severity | Within **14 days** |
| Fix for high severity | Within **30 days** |
| Fix for moderate/low severity | Next scheduled release |

## Supported Versions

| Version | Supported |
|---------|-----------|
| 1.x | Yes |
| < 1.0 | No |

## Scope

This policy covers the `jivanu` crate and its published API. Vulnerabilities
in dependencies (serde, thiserror, hisab, etc.) should be reported to the
respective upstream projects and flagged here if they affect jivanu users.

## Design Principles

- **No unwrap/panic** — all error paths return `Result` or safe defaults
- **No unsafe** — zero unsafe blocks in library code
- **No I/O** — pure computation, no network or filesystem access
- **Validated inputs** — all public functions validate parameters before use
- **Minimal dependencies** — serde, thiserror, tracing (required); hisab, kimiya, pramana (optional)
- **Supply chain**`cargo audit` and `cargo deny` in CI on every push

## Disclosure

We follow coordinated disclosure. Once a fix is released, we will publish a
security advisory crediting the reporter (unless anonymity is requested).