tinyjuice 0.2.1

Pluggable token compression for OpenHuman.
Documentation
# Security Policy

TinyJuice is a token compression library. Security-sensitive areas include
prompt and context handling, sensitive data retention, accidental disclosure in
reports or logs, policy-preserved instructions, and credentials included in
model-facing context.

Report concerns to `contact@tinyhumans.ai`.

## Supported Versions

TinyJuice is pre-1.0. Security fixes target the `main` branch until the project
starts maintaining release branches.

## Reporting A Vulnerability

Please do not open a public issue for a suspected vulnerability.

Report security concerns by emailing `security@tinyhumans.ai` with:

- a description of the issue
- affected versions or commits
- reproduction steps or proof of concept
- impact assessment
- any suggested fix or mitigation

We will acknowledge reports as quickly as practical and coordinate disclosure
before publishing details.

## Scope

Examples of in-scope issues:

- leaking raw prompt, context, or credential material through reports or logs
- dropping system or safety instructions despite preservation policy
- cross-conversation context leakage in adapter code
- unsafe handling of credentials or secrets embedded in model input
- dependency vulnerabilities with a practical exploit path in TinyJuice

Examples generally out of scope:

- model hallucination or low-quality model output by itself
- expected information loss from an explicitly selected lossy strategy
- vulnerabilities in downstream applications that use TinyJuice incorrectly

## Security Design Direction

TinyJuice should treat prompt and context input as sensitive. Compression
strategies should avoid logging raw text, make lossy behavior explicit, and
preserve caller-marked instructions unless the caller opts into a different
policy.