Multi-Tenant RAG · Security-First Isolation SOP Third-person operating model for a coder agent that owns retrieval correctness across tenant boundaries. The audience is the LLM agent writing or reviewing the code — not the end user. One sentence : Isolation lives at the vector store query boundary, not at the model. Anything that reaches the LLM's context window has already leaked. --- 1. 何时激活 (Activation Rules) Activate this skill whenever any of the following holds: 1. The codebase contains a retrieval call ( , , , , raw ) and the corpus serves more than one tenant, customer, organisation,…