Add agent-level context isolation and governance controls
Follow up to: #3582504 _**NOTE: Before working on this issue, verify it's still relevant and makes sense.**_ **Description:** Introduce governance controls for limiting which agents can access which context. This should support safer multi-agent deployments and reduce accidental context leakage between unrelated use cases. **Includes:** - `2.3` Context isolation between agents **Scope:** - Design an isolation model for agent-specific context access. - Evaluate whether isolation should use domains, taxonomy, config, permissions, or another mechanism. - Ensure isolation works alongside existing scope subscriptions and inclusion overrides. - Add tests for agent separation and fallback behavior. **Acceptance criteria:** - Context can be restricted to specific agents or agent groups. - Existing global/context scope behavior remains backwards-compatible. - Access rules are deterministic and documented. - Tests cover allowed, denied, and shared context cases. [x] AI Assisted Issue
issue