sharira 1.1.0

Sharira — physiology engine for skeletal structures, musculature, locomotion, and biomechanics
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in sharira, please report it
responsibly through **GitHub Security Advisories**:

1. Go to the [Security tab](../../security/advisories) of this repository.
2. Click **"Report a vulnerability"**.
3. Fill in the details and submit.

**Do not open a public issue for security vulnerabilities.**

## Response Timeline

| Action | Target |
|---|---|
| Acknowledgement | Within **48 hours** |
| Initial assessment | Within **5 business days** |
| Fix for critical severity | Within **14 days** |
| Fix for high severity | Within **30 days** |
| Fix for moderate/low severity | Next scheduled release |

## Scope

This policy covers the `sharira` crate and its published API. Vulnerabilities
in dependencies should be reported to the respective upstream projects (and
flagged here if they affect sharira users).

## Supported Versions

| Version | Supported |
|---------|-----------|
| 1.x | Yes |
| < 1.0 | No |

## Design Principles

- **Zero unsafe** — no `unsafe` blocks anywhere in the codebase
- **No unwrap/panic** — all error paths return `Result` or safe defaults
- **No I/O** — pure computation library, no network or filesystem access
- **Minimal dependencies** — hisab (math), serde, thiserror, tracing only
- **Supply chain**`cargo audit` and `cargo deny` in CI on every push

## Disclosure

We follow coordinated disclosure. Once a fix is released, we will publish a
security advisory crediting the reporter (unless anonymity is requested).