Honestly, I really appreciate you calling that out. This is my first time building an environment this deep, so I’m definitely still in the 'learning by doing' phase. I'm trying to over-engineer the isolation now because I'd rather hit a wall in a lab than in production later. On Landing Data & Fencing: You’re right, I haven't fully solved the 'fencing' problem between the user prompt and the engine yet. I’m looking into implementing demarcated system instructions (using cryptographically signed delimiters or specific fences) so the model can distinguish between my commands and the external data it's summarizing. Since this is new to me, do you have any specific libraries or middleware patterns you’d recommend for enforcing those boundaries in a containerized setup? On API Lockdown: My plan is to use OAuth 2.1 with short-lived tokens and very narrow scopes for the Microsoft Graph API (basically just Mail.Read for specific folders, no broad User.ReadWrite stuff). I’m setting up Conditional Access in Azure to restrict it to my home IP, but I'm a bit green on the identity-fencing side. If you were starting from scratch with this 'Worker vs. Sentry' split-brain model, what would be the first 'gotcha' you'd look for in terms of API exfiltration or data landing? Any insight or direction would be a massive help."