You could implement field-level access controls with attribute decorators that mask PII during serialization, similar to how SQLAlchemy's hybrid_property can transform data before it reaches the agent context.