diff --git a/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md b/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md index 40376978..8bf49130 100644 --- a/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md +++ b/docs/devops/vercel/CODEX_PROMPTS_TRACK_A_AZURE_VM.md @@ -49,6 +49,16 @@ dig +short admin.bytelyst.com # must return VM IP dig +short tracker.bytelyst.com # must return VM IP ``` +### Internal-only services policy + +Keep these classes of services on the VM in Docker and treat them as internal-only: + +- admin and operator dashboards +- monitoring and observability tools such as Grafana, Loki, Prometheus, and Alertmanager +- future cache and datastore services such as Valkey and PostgreSQL + pgvector + +Do not expose raw service ports publicly. If browser access is required, front the service through Caddy with authentication and preferably IP allowlisting, VPN, or SSO. + --- ## A1: Caddy Gateway — Replace Traefik with Caddy diff --git a/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md b/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md index 1e4be56b..b2f84f75 100644 --- a/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md +++ b/docs/devops/vercel/TRACK_A_HANDOFF_2026-03-29.md @@ -7,6 +7,7 @@ Architecture decision after this handoff: - The VM should host self-hosted infrastructure, backend APIs, and internal web tools in Docker - `api.bytelyst.com`, `gitea.bytelyst.com`, `admin.bytelyst.com`, and `tracker.bytelyst.com` should point to the VM - Monitoring and observability stacks such as Grafana and Loki should stay on the VM as internal-only tools +- Future shared infrastructure such as Valkey and PostgreSQL + pgvector should also be treated as VM-hosted internal services - Only clearly public-facing sites should be considered for Vercel later ## What Was Completed
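Review bot: The new "Internal-only services policy" section states the rule ("Do not expose raw service ports publicly") but, unlike the DNS checks just above it, gives the operator no way to verify it. Suggest adding a verification line in the same style as the `dig` checks, e.g. confirming that `docker compose ps` / `docker port` shows no host bindings other than `127.0.0.1:` for Grafana, Loki, Prometheus, Alertmanager, Valkey and PostgreSQL, and that the VM's host firewall only admits 80/443 (and SSH). Two wording points as well: "with authentication and preferably IP allowlisting, VPN, or SSO" leaves the required baseline ambiguous, so state plainly which Caddy mechanism is mandatory and which are additional; and the "If browser access is required, front the service through Caddy" sentence only fits the dashboards, since Valkey and PostgreSQL are not HTTP services and should simply never be published outside the Docker network rather than fronted by Caddy.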
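Review bot: The added handoff bullet "- Future shared infrastructure such as Valkey and PostgreSQL + pgvector should also be treated as VM-hosted internal services" restates the decision but does not point to where the operational rules now live; since this same change adds the "Internal-only services policy" section to CODEX_PROMPTS_TRACK_A_AZURE_VM.md, suggest referencing that section from the bullet so the handoff reader finds the no-public-ports rule and the Caddy-fronting requirement rather than only the architectural intent.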