docs: AI-HPP v4.1.1 — threat model, architecture, and red-team clarifications#65

Merged
tryblackjack merged 1 commit into main from codex/update-ai-hpp-standard-to-v4.1.1
Apr 8, 2026

Conversation

@tryblackjack
Owner

Motivation

  • Normalize terminology and tighten cryptographic/lineage language across the specification to reduce ambiguity in governance verification.
  • Expand the threat model to cover signing identity/key drift risks and provide forensic Evidence Vault fields to support cross-epoch validation.
  • Clarify architecture wording around the MDP safe graph and make the normative/advisory boundary explicit for certification scope.
  • Record the red-team attack model capabilities to document test assumptions and validation coverage for the new threat class.

Description

  • Updated annex/A-THREAT-MODEL.md to use policy-lineage hash-chain verification and added T-4.1-004 Key Drift / Signing Identity Compromise with attack mechanics, detection signals, mitigations, and Evidence Vault fields (key_id, rotation_epoch, revocation_flag, lineage_root_hash).
  • Edited AI_HPP_ARCHITECTURE_V4.md to emphasize the MDP safe graph terminology and add 4.5 Normative Requirements Boundary (v4.1.1) clarifying which sections are normative vs advisory.
  • Extended RED_TEAM_AUDIT_REPORT.md with Attack Model Capability (v4.1.1) describing surface coverage, model/agentic capabilities, multi-agent test rig, and cryptographic bypass assumptions that validate mitigations including the new T-4.1-004 entry.
  • Changes are documentation-only, semantic, and non-breaking; the commit was recorded as 0e9e148 and the PR created with the described summary.

Testing

  • Ran git diff --check to verify no patch/whitespace issues and it passed successfully.
  • Reviewed diffs with git diff -- AI_HPP_ARCHITECTURE_V4.md RED_TEAM_AUDIT_REPORT.md annex/A-THREAT-MODEL.md to confirm intended edits were applied.
  • Verified repository status with git status --short and committed the changes with git commit, which completed successfully and produced commit 0e9e148.
  • No runtime or unit tests were required because the modifications are documentation-only and non-functional.

Codex Task

@tryblackjack tryblackjack merged commit 9f74072 into main Apr 8, 2026
2 checks passed

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: af1f35918a


- Override capability for ZTAH/CCB layers.

This attack model is sufficient to validate mitigations for:
- T-3.4-001.


P2: Fix threat ID in mitigation coverage list

The coverage list references T-3.4-001, but that threat ID does not exist in the repository (the corresponding multi-agent entry is T-4.1-001 in annex/A-THREAT-MODEL.md). This breaks traceability for auditors or tooling that maps red-team results to threat definitions, because the reported validation cannot be resolved to a defined threat item.

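A small traceability check of the kind the comment above has in mind, added here as an example and not part of the project's own tooling: it resolves every threat ID cited in the red-team report against the IDs defined in the threat model and reports dangling references. It assumes threats are defined by markdown headings that carry the ID; both excerpts below are constructed to mirror the T-3.4-001 case.

```python
import re

# Constructed excerpt standing in for annex/A-THREAT-MODEL.md (not the real file).
# Assumption: each threat is defined by a heading that starts with its ID.
THREAT_MODEL_MD = """\
## T-4.1-001 Multi-Agent Collusion
## T-4.1-004 Key Drift / Signing Identity Compromise
"""

# Constructed excerpt standing in for RED_TEAM_AUDIT_REPORT.md with the dangling ID.
RED_TEAM_REPORT_MD = """\
This attack model is sufficient to validate mitigations for:
- T-3.4-001.
- T-4.1-004.
"""

# IDs follow the page's T-<major>.<minor>-<seq> pattern.
THREAT_ID = re.compile(r"\bT-\d+\.\d+-\d{3}\b")
THREAT_DEF = re.compile(r"^#+\s+(T-\d+\.\d+-\d{3})\b", re.MULTILINE)


def defined_threats(threat_model_md):
    """IDs that have a definition (a heading) in the threat model."""
    return set(THREAT_DEF.findall(threat_model_md))


def referenced_threats(report_md):
    """Every threat ID mentioned anywhere in the report."""
    return set(THREAT_ID.findall(report_md))


def unresolved_references(report_md, threat_model_md):
    """Sorted IDs cited in the report that resolve to no definition."""
    return sorted(referenced_threats(report_md) - defined_threats(threat_model_md))


def suggest_candidates(bad_id, defined):
    """Defined IDs sharing the sequence number, e.g. -001, as hints for a
    wrong version prefix like T-3.4 versus T-4.1."""
    seq = bad_id.rsplit("-", 1)[1]
    return sorted(d for d in defined if d.endswith("-" + seq))


def check_traceability(report_md, threat_model_md):
    """Map each dangling reference to the defined IDs it most likely meant."""
    defined = defined_threats(threat_model_md)
    bad_ids = unresolved_references(report_md, threat_model_md)
    return {bad: suggest_candidates(bad, defined) for bad in bad_ids}
```

Run as a CI step, a non-empty result from check_traceability fails the build and prints the likely intended ID next to each dangling one.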

- Access to lineage roots.
- Override capability for ZTAH/CCB layers.

This attack model is sufficient to validate mitigations for:


P2: Narrow validation claim for key-compromise threat

This section claims the attack model is sufficient to validate T-4.1-004, but the same section states the adversary had no access to signing keys or privileged bypass, while T-4.1-004 explicitly includes key extraction/identity-compromise mechanics in annex/A-THREAT-MODEL.md. As written, the report overstates test coverage for that threat class and can mislead readers about what was actually validated.

