Runtime containment preview

Model isolation domains, tool groups, memory scopes, and API boundaries. Preview-only — no guard wiring, container sandboxes, or runtime enforcement.