Follow up to: #3582494 _**NOTE: Before working on this issue, verify it's still relevant and makes sense.**_ **Description** We need to decide how AI Context should model fine-grained policies for who or what can receive context, where context may be sent, and whether context must be transformed before injection. This issue is for discussion and design only. Coarse published-context access exists, but role restrictions, provider restrictions, sensitivity classification, data residency, PII redaction, and federation policy need a shared architecture. Questions to resolve: - Should policies be fields, config entities, plugins, scopes, or a combination? - How should role-based context access work? - How should provider restrictions and data residency rules work? - How should sensitivity classification be represented? - Where should PII redaction happen in the selection/render/injection flow? - How should policy decisions be audited? - How should policies affect caching and federation? - What follow-up issues should be created? Potential follow-ups: - Add role-based context access - Add boundary/data residency rules - Add provider restrictions - Add sensitivity classification - Add PII redaction middleware - Add persona-aware context views - Add federation policy enforcement [x] AI Assisted Issue