Add responsible-use documentation

Copilot · quantumdynamics927-dotcom · Copilot · commit 93d6897544d0 · 2026-03-26T00:43:58.000Z
Co-authored-by: quantumdynamics927-dotcom <247722560+quantumdynamics927-dotcom@users.noreply.github.com> Agent-Logs-Url: https://github.com/quantumdynamics927-dotcom/QPyth/sessions/3fa31fba-d58b-4db5-b313-d5fb708501d6
diff --git a/README.md b/README.md
@@ -247,6 +247,22 @@ print([record.record_id for record in get_available_dna_sequences()])
 This feature imports curated OpenQASM assets and exposes them as circuit-exploration data. It does not claim biological simulation fidelity.
 OpenQASM 3 assets require the optional dependency `qiskit_qasm3_import`.
 
+#### Responsible Use Notice
+
+The DNA-related features in QPyth are provided for educational, computational, and circuit-exploration purposes only.
+
+- They do not constitute biological modeling, clinical analysis, or validated genetic interpretation.
+- They do not provide medical, diagnostic, therapeutic, or laboratory guidance.
+- They are not intended for pathogen design, wet-lab experimentation, synthesis planning, or any harmful biological application.
+- They should not be relied upon as evidence of biological function, safety, or real-world DNA behavior.
+
+Any DNA-inspired or sequence-related assets in this repository are presented as computational abstractions or curated examples unless explicitly documented otherwise.
+
+#### Data Provenance
+
+Where bundled DNA or sequence-like assets are included, the repository should identify whether they are synthetic/demo-only, derived from public reference material, or transformed for educational use.
+Unless explicitly stated otherwise, treat such assets as illustrative and non-authoritative.
+
 **Available Hardware Profiles:**
 
 | Backend | Qubits | Avg T1 (μs) | Avg T2 (μs) | Avg Readout Error |
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,112 +1,87 @@
 # 🔒 Security Policy
 
-## Supported Versions
-
-| Version | Supported          |
-|---------|--------------------|
-| 0.2.x   | ✅ Active support  |
-| 0.1.x   | ❌ End of life     |
-
-Security updates are provided for the **latest stable release** on the `main` branch only.
-Users are encouraged to upgrade to the latest version to receive all security fixes.
-
----
+## Scope
 
-## 🛡️ Security Best Practices
+QPyth is an open-source quantum software toolkit. Some repository features use DNA-inspired or sequence-themed representations for computational exploration. These features are not biological simulation tools and are not intended for laboratory, medical, diagnostic, therapeutic, or bioengineering use.
 
-### What We Do
-
-- **Dependency scanning**: Automated checks for vulnerable dependencies
-- **Code review**: All PRs reviewed for security issues
-- **Input validation**: Sanitization of user-provided values
-- **Secure defaults**: Safe configurations out of the box
+## Supported Versions
 
-### Security Testing
+Security updates are provided for the latest stable release and the `main` branch.
 
-```bash
-# Check for known vulnerabilities
-pip-audit -r <(pip freeze)
+| Version | Supported |
+|---------|-----------|
+| Latest stable release | ✅ |
+| `main` branch | ✅ |
+| Older releases | ❌ |
 
-# Type checking for type-related issues
-mypy quantumpytho/
-
-# Static analysis
-ruff check .
-```
+Users should upgrade to the latest release to receive security fixes and dependency updates.
 
 ---
 
-## 📬 Reporting a Vulnerability
+## Security Boundaries
 
-### Responsible Disclosure
+QPyth should be treated as developer and research software, not as a safety-certified system. In particular:
 
-We take security seriously and appreciate your help in keeping QPyth safe.
+- outputs are not guaranteed to be biologically valid, clinically meaningful, or safe for real-world use
+- DNA-related features must not be used for synthesis, pathogen engineering, wet-lab experimentation, or operational biological decision-making
+- optional integrations and external services may introduce network, API, credential, or third-party dependency risk
 
-**If you find a security issue:**
+---
 
-1. **Do not** create a public GitHub issue
-2. Use GitHub Security Advisories:
-   - Go to the repository **Security** tab
-   - Click **Report a vulnerability**
-3. Alternatively, open a private issue with "SECURITY" in the title
+## What We Review
 
-### What to Include
+We aim to reduce risk through:
 
-- Description of the vulnerability
-- Steps to reproduce
-- Potential impact
-- Suggested fix (if any)
+- dependency monitoring
+- static analysis and linting
+- code review
+- input validation for user-facing interfaces
+- secure handling of optional integrations where applicable
 
-### Response Timeline
+Repository CI currently runs:
 
-| Stage | Expected Time |
-|-------|---------------|
-| Acknowledgment | 48 hours |
-| Triage | 7 days |
-| Fix | Priority-based |
-| Public disclosure | Coordinated |
+```bash
+ruff check .
+ruff format --check .
+pytest -v --tb=short
+pytest --cov=quantumpytho --cov-report=xml
+```
 
 ---
 
-## 🔐 Security Features
+## Reporting a Vulnerability
 
-### Dependency Security
+Please do not open a public issue for suspected vulnerabilities.
 
-```toml
-# pyproject.toml
-dependencies = [
-  "qiskit>=1.1.0",        # Version-pinned major releases
-  "qiskit-aer>=0.15.0",   # Latest stable with security fixes
-  "numpy>=2.0.0",         # Modern, maintained version
-]
-```
-
-### Input Validation
+Instead:
 
-All user inputs are validated:
+1. Use GitHub Security Advisories or private vulnerability reporting if it is enabled for the repository.
+2. If private reporting is unavailable, contact the maintainers privately and include `SECURITY` in the subject line.
 
-```python
-def read_float(prompt: str, min_val: float, max_val: float) -> float:
-    """Validates user input against bounds."""
-    # Raises ValueError if out of range
-```
+Please include:
 
-### Secure Defaults
+- affected component
+- reproduction steps
+- impact assessment
+- suggested mitigation, if available
 
-- QuantumSimulator (Aer) as default - no external connections
-- Local execution only - no remote API calls
-- Minimal permissions - no filesystem/network access
+We ask reporters to avoid public disclosure until the issue has been reviewed and a fix or mitigation is available.
 
 ---
 
-## 📚 Security Resources
+## Domain-Specific Responsible Use
+
+If you identify a risk involving:
+
+- misuse of DNA-related functionality
+- unsafe interpretation of sequence-like assets
+- misleading biological claims
+- dual-use or biosecurity concerns
 
-- [Qiskit Security](https://qiskit.org/security)
-- [PyPI Security](https://pypi.org/security/)
-- [OWASP Quantum Computing](https://owasp.org/www-project-quantum-computing/)
+please report it as a security concern even if it is not a traditional software exploit.
 
 ---
 
-## 🙏 Thank You
+## Disclaimer
 
-Your security reporting helps protect the entire quantum computing community.
+QPyth is provided for research, education, and software experimentation. It is not intended for clinical, medical, diagnostic, therapeutic, biosurveillance, synthesis, or wet-lab decision support.
