fix(C01,C03,C05,C11,C12,AppC): correct requirement level assignments #846

Open

vtknightmare wants to merge 1 commit into OWASP:main from vtknightmare:vtknightmare/fix/level-calibration-corrections

@vtknightmare
Collaborator

Level calibration against L1=baseline / L2=standard / L3=high-assurance.

  • C01 1.2.4: L3 -> L2. Dataset versioning (DVC, MLflow, Git-LFS) is standard MLOps practice, not high-assurance.
  • C03 3.2.4: L1 -> L2. Automated deployment blocking on safety evaluation failure requires CI/CD pipeline infrastructure not assumed at baseline.
  • C05 5.6.1: L2 -> L3. KV-cache partitioning requires access to inference framework internals most operators do not have.
  • C11 11.4.2: L1 -> L2. Calibrating rate limits to a specific inversion threat model requires threat modeling work not present at baseline.
  • C12 12.5.1: L2 -> L3. Validating consent scope covering data subjects whose data materially influenced a response requires determining training data influence per inference, an open problem.
  • AppC AC.9.1: L1 -> L2. Signed SLSA/in-toto provenance attestations require a mature MLOps provenance pipeline, not present at baseline.
  • AppC AC.9.2: L2 -> L3. Restores level progression after AC.9.1 move.
  • AppC AC.5.2: L2 -> L3, plus conditioner. Most commercial AI coding tools do not surface training citations.

@vtknightmare vtknightmare requested a review from ottosulin June 2, 2026 13:55
@RicoKomenda
Collaborator

The description lists 8 level changes, but the diff only has 3 (C03 3.2.4, C05 5.6.1, C11 11.4.2). The C01, C12, and Appendix C changes aren't here. Did you mean to push more commits, or should the description be trimmed to match?

@vtknightmare vtknightmare force-pushed the vtknightmare/fix/level-calibration-corrections branch from 908f0a6 to 24f9db9 Compare June 2, 2026 16:03
@vtknightmare
Collaborator Author

> The description lists 8 level changes, but the diff only has 3 (C03 3.2.4, C05 5.6.1, C11 11.4.2). The C01, C12, and Appendix C changes aren't here. Did you mean to push more commits, or should the description be trimmed to match?

Tooling bug on my end. The script applied edits to the working tree before branching, and shared files across PRs meant some ended up on the wrong branch. Rebuilt from a clean main; all 8 level changes (C01 1.2.4, C03 3.2.4, C05 5.6.1, C11 11.4.2, C12 12.5.1, AppC AC.9.1/9.2/5.2) are now in the diff. The level decisions themselves are unchanged.
Force-pushed.

@RicoKomenda
Collaborator

Thanks, the full set is here now. C01 1.2.4, C12 12.5.1, C05 5.6.1, C11 11.4.2, and AppC AC.9.1 all look well-calibrated.

One pushback and one note:

  • C03 3.2.4 (L1->L2): this splits oddly from 3.2.3. If safety evals with pass/fail thresholds run at L1, but blocking deploy on failure is only required at L2, then L1 evaluates without acting on the result. I'd keep 3.2.4 at L1 alongside 3.2.3.
  • AppC AC.5.2: the L3 move is fine, but "where the AI tool supports citation retrieval" makes the control vacuous when the tool doesn't support it. Worth reconsidering the conditioner.

@ottosulin
Collaborator

LGTM, with the exception that I agree with Rico that the C03 3.2.4 change should be reverted.

@vtknightmare vtknightmare force-pushed the vtknightmare/fix/level-calibration-corrections branch from 24f9db9 to 927e48f Compare June 2, 2026 19:44
@vtknightmare
Collaborator Author

> LGTM, with the exception that I agree with Rico that the C03 3.2.4 change should be reverted.

Agreed on both. 3.2.4 is back at L1 - you're right that splitting the eval run and the blocking gate across levels means baseline deployments evaluate without acting on the result, which defeats the point. On AC.5.2: conditioner removed, L3 move stays. At L3 the expectation is that orgs select tools that actually support citation surfacing; the conditioner was an unnecessary out.

Level calibration (L1 baseline / L2 standard / L3 high-assurance).

- C01 1.2.4: L3 -> L2 (dataset versioning is standard MLOps).
- C03 3.2.4: kept at L1 (review feedback: splitting the eval run (3.2.3) and
  the blocking gate (3.2.4) across L1/L2 means baseline deployments run evals
  without acting on the result; both controls belong at L1).
- C05 5.6.1: L2 -> L3 (KV-cache partitioning requires inference-framework
  internals not available at L2).
- C11 11.4.2: L1 -> L2 (threat-model calibration is not a baseline activity).
- C12 12.5.1: L2 -> L3 (per-inference consent-scope over training influence
  is an open research problem).
- AppC AC.9.1: L1 -> L2 (signed SLSA/in-toto provenance needs a mature MLOps
  pipeline).
- AppC AC.9.2: L2 -> L3 (maintains progression after the AC.9.1 move).
- AppC AC.5.2: L2 -> L3, conditioner removed (review feedback: 'where the AI
  tool supports citation retrieval' makes the control vacuous at L3; orgs at
  that level are expected to select tools that support this capability).
@vtknightmare vtknightmare force-pushed the vtknightmare/fix/level-calibration-corrections branch from 927e48f to 3a2b378 Compare June 2, 2026 20:00