User-approved roots
Local folder access should be limited to explicit allowlists.
Local-first boundaries
The data posture is built around user-approved sources, matter privacy, no-training defaults, and reviewable provenance.
Generated, organized files should be written outside the original input roots.
Every source can carry path, hash, date, class, parser status, and review state.
Private matter data should be used for retrieval and inference only unless explicitly opted in.
Traces, assets, and documents need retention and deletion policies.
Sensitive prompts, traces, and exports should support redaction and review.
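One way to enforce the allowlist, output-separation and per-source record rules above, as an added example rather than code from the product described. `RootPolicy`, its method names, the default field values and the sample tree in `demo()` are hypothetical.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


class RootPolicy:
    """Hypothetical helper: read only under approved roots, write outside them."""
    def __init__(self, input_roots, output_root):
        # Resolve up front so symlinks and ".." cannot disguise a location.
        self.roots = [Path(r).resolve(strict=True) for r in input_roots]
        out = self.output_root = Path(output_root).resolve()
        for root in self.roots:
            if out == root or root in out.parents or out in root.parents:
                raise ValueError(f"output root overlaps input root {root}")

    def check_source(self, path):
        """Return the resolved path, or raise if it leaves the allowlist."""
        real = Path(path).resolve(strict=True)  # follows symlinks
        if not any(real.is_relative_to(r) for r in self.roots):
            raise PermissionError(f"{path} is outside the approved roots")
        return real

    def provenance(self, path, source_class="unclassified"):
        """Per-source record: path, hash, date, class, parser status, review state."""
        real = self.check_source(path)
        mtime = datetime.fromtimestamp(real.stat().st_mtime, timezone.utc)
        return {"path": str(real), "class": source_class,
                "sha256": hashlib.sha256(real.read_bytes()).hexdigest(),
                "date": mtime.isoformat(),
                "parser_status": "pending", "review_state": "unreviewed"}


def demo():  # constructed sample tree, not data from the page
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        (good := base / "approved").mkdir()
        (good / "memo.txt").write_bytes(b"constructed sample")
        (base / "secret.txt").write_bytes(b"not approved")
        (good / "link.txt").symlink_to(base / "secret.txt")
        policy = RootPolicy([good], base / "organized")
        out = {"record": policy.provenance(good / "memo.txt")}
        for name, p in [("symlink", good / "link.txt"),
                        ("dotdot", good / ".." / "secret.txt")]:
            try:
                policy.check_source(p)
                out[name] = "allowed"
            except PermissionError:
                out[name] = "denied"
        return out
```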