Probabilistic components and deterministic ones.

A model is a probabilistic component: the same input may produce different output. A database is not. Addition is not. Neither is an authorisation check.

Engineering means composing both kinds correctly, not pretending one of them does not exist. Wherever the business says "this must hold", a probabilistic component has no business being in charge.

Don't write an if in a prompt.

"If the user lacks permission, refuse to answer" — put that in a prompt and your authorisation system now has some probability of failing. Maybe one in a thousand. It is not zero.

The correct move is to filter the inaccessible data out before the model is ever called. What the model cannot see, it cannot leak.

Put the uncertainty in a small box.

The shape to aim for: the model does exactly one thing — "extract the date from this sentence" — and hands the result straight to a strict validator. Passing continues; failing retries or errors.

The smaller the box, the more tests you can point at it, and the easier failure is to locate. A pipeline driven end-to-end by a model gives you almost nowhere to start.