Threat Model

Canonical threat model content is maintained in: - doc/governance/Security_Threat_Model.md

This architecture pointer exists for queue acceptance checks and cross-doc linking.

Key threat focus for runtime key handling: - prevent persistent user private-key storage and retrieval paths - reduce credential exposure by requiring user-managed public keys and short-lived access controls