diff --git a/docs/features/harness_engineering/harness_engineering_execution_plan.md b/docs/features/harness_engineering/harness_engineering_execution_plan.md index 30ffd34..0a0d234 100644 --- a/docs/features/harness_engineering/harness_engineering_execution_plan.md +++ b/docs/features/harness_engineering/harness_engineering_execution_plan.md 
@@ -6,6 +6,26 @@ --- +## Area 0: Swarm Baseline Architecture Upgrades (Prerequisites) +*Before writing a single line of Harness Engineering code, the underlying generic Swarm Platform must be refactored to support Agent-level security sandboxing and dynamic personalities.* + +### Task 0.1: Skill-to-Session Binding (Principle of Least Privilege) +Currently, all available skills are likely loaded into a global pool. Giving an autonomous Agent access to a "Global Pool" is a catastrophic security risk if it suffers prompt injection. +- **Action:** Refactor the Database Models to support a Many-to-Many mapping: `Session <-> Skill`. +- **Action:** Modify the LLM prompt constructor in `profiles.py`. Before requesting the LLM to execute, it must query the DB for the specific `session_id`, retrieve the bounded active skills (e.g., *only* `pytest` and `cat`), and pass those restricted Tool definitions to the OpenAI API. + +### Task 0.2: Dynamic System Prompts per Session +Currently, the system likely defaults to `DEFAULT_PROMPT_TEMPLATE` for all chat sessions. Autonomous Agents cannot run without highly specialized System Prompts (e.g., `github_reviewer.md` vs `deploy_bot.md`). +- **Action:** Add a `system_prompt_override` text column or file-reference to the underlying `Session` model. +- **Action:** Update the Chat Engine to natively conditionally load this localized prompt instead of the global default. + +### Task 0.3: Session Locking (Purge Protection) +In the existing Swarm Control UI, users have a "Clean up all sessions" global purge button. If an `AgentInstance` natively maps to a `Session` ID to store its memory loop, a human pressing that purge button would instantly lobotomize all active background Agents by wiping their chat histories. +- **Action (Backend):** Expand the `Session` DB model with an `is_locked` (Boolean) property. 
Update the `DELETE /api/v1/sessions/purge` endpoint to strictly run a condition (`WHERE is_locked = False`), making active Agents immune to global deletion sweeps. +- **Action (Frontend):** In the normal Swarm Control sidebar, visually render a literal 🔒 Lock Icon next to any session where `is_locked` is true. Disable the manual delete button for that specific row, enforcing that an Agent's memory can only be purged by destroying the Agent itself from the Orchestrator Dashboard. + +--- + ## Area 1: Core Database & Context Scaffolding *The foundational building blocks required to store and track Agents in the `ai-hub` system.*
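Review bot: The `is_locked` guard in Task 0.3 is only applied to the bulk `DELETE /api/v1/sessions/purge` sweep plus a disabled button in the sidebar; the per-row delete path still needs the same server-side check, since disabling the frontend button does not stop a direct API call from deleting a locked session, and the stated guarantee that "an Agent's memory can only be purged by destroying the Agent itself" should be enforced in the backend rather than the UI. Suggest also declaring the new column as `NOT NULL DEFAULT FALSE` in the migration so that pre-existing sessions get an explicit value and `WHERE is_locked = False` behaves predictably for every row. Related, in Task 0.1 the bounded skill list is only used when building the tool definitions passed to the OpenAI API; the tool-call dispatch should re-check the returned call name against the same `Session <-> Skill` mapping before executing, otherwise the restriction relies on the model only ever naming tools it was offered, which is exactly the assumption prompt injection breaks.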