# Metadata filtering approach
results = vector_store.similarity_search(
    query,
    filter={"tenant_id": current_user.tenant_id}
)

@dataclass
class Document:
    id: str
    content: str
    tenant_id: str
    access_groups: list[str]
    classification: str  # public, internal, confidential

def can_access(user: User, doc: Document) -> bool:
    return (
        user.tenant_id == doc.tenant_id
        and any(g in doc.access_groups for g in user.groups)
        and user.clearance >= doc.classification
    )

def sanitize_retrieved_context(chunks: list[str]) -> str:
    """Sanitize retrieved chunks before including in prompt."""
    sanitized = []
    for chunk in chunks:
        # Remove potential instruction patterns
        cleaned = remove_instruction_patterns(chunk)
        # Escape special characters
        escaped = escape_prompt_chars(cleaned)
        sanitized.append(escaped)
    return "\n".join(sanitized)