[Discuss] Context governance and compliance controls
Follow up to: #3582494
_**NOTE: Before working on this issue, verify it's still relevant and makes sense.**_
**Description**
This discussion captures future work for fine-grained control over who or what may receive context, where it may be sent, and how sensitive data should be handled.
Potential areas to discuss:
- Role-based context access restrictions
- Data residency and boundary rules
- Provider restrictions
- Sensitivity classification
- PII redaction middleware
- Persona-aware context library views
- Policy audit logging
Questions to resolve later:
- Which policy controls are highest priority?
- Should policy rules be fields, config entities, plugins, scopes, or a mix?
- Where should redaction happen in the selection/render/injection flow?
- How should policy decisions be audited and tested?
This should remain postponed until the context access, boundary, redaction, and compliance policy model discussion is resolved.
[x] AI Assisted Issue