diff --git a/.github/codeql/certctl-models/models/request-forgery-sanitizers.model.yml b/.github/codeql/certctl-models/models/request-forgery-sanitizers.model.yml
deleted file mode 100644
index fd68a12..0000000
--- a/.github/codeql/certctl-models/models/request-forgery-sanitizers.model.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-# Models-as-Data sanitizer rows for the go/request-forgery query.
-#
-# Each row in `data` is a 9-tuple matching the `barrierModel` extensible
-# predicate signature for Go:
-#
-#   (package, type, subtypes, name, signature, ext, output, kind, provenance)
-#
-# Where:
-#   - package    — Go import path of the sanitizer
-#   - type       — receiver type ("" for package-level functions)
-#   - subtypes   — false for non-method functions; true to apply to subtypes
-#   - name       — function/method name
-#   - signature  — empty for Go (the column is not used)
-#   - ext        — empty (reserved)
-#   - output     — access path that becomes the barrier; "Argument[N]" means
-#                  the Nth argument is sanitized after the call
-#   - kind       — taint kind the barrier applies to ("request-forgery" for
-#                  the go/request-forgery query)
-#   - provenance — origin tag for the model row ("manual" — hand-authored)
-#
-# References:
-#   - https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-go/
-#   - https://github.blog/changelog/2026-04-21-codeql-now-supports-sanitizers-and-validators-in-models-as-data/
-
-extensions:
-  # ---------------------------------------------------------------------------
-  # validation.ValidateSafeURL — primary egress URL validator.
-  # ---------------------------------------------------------------------------
-  # Signature: func ValidateSafeURL(rawURL string) error
-  #
-  # Rejects (returns non-nil error for):
-  #   - non-http/https schemes (file://, gopher://, ftp://, data:, etc.)
-  #   - URLs missing a host
-  #   - literal-IP hosts in: 127/8 + ::1 (loopback), 169.254.0.0/16 (link-
-  #     local incl. AWS/Azure/GCP cloud metadata at 169.254.169.254),
-  #     224.0.0.0/4 + ff00::/8 (multicast), 255.255.255.255 (broadcast),
-  #     0.0.0.0 + :: (unspecified), fe80::/10 (IPv6 link-local)
-  #   - DNS names whose A/AAAA resolution returns any IP in the set above
-  #
-  # Source of truth: internal/validation/ssrf.go (ValidateSafeURL +
-  # IsReservedIP + isReservedIPForDial). RFC 1918 (10/8, 172.16/12,
-  # 192.168/16) is intentionally NOT blocked — see the comment block at
-  # ssrf.go:17-21 for the design rationale.
-  #
-  # The companion runtime defense is SafeHTTPDialContext (installed on the
-  # http.Transport via http.Transport.DialContext) which re-resolves the
-  # host at dial time and pins the dial to a literal non-reserved IP,
-  # defeating DNS rebinding. SafeHTTPDialContext returns a closure rather
-  # than acting as a direct sanitizer in dataflow terms, so it isn't
-  # modeled here — but ValidateSafeURL alone is sufficient to dismiss the
-  # request-forgery alerts at the call sites that use it (scep_probe.go,
-  # webhook.go).
-  - addsTo:
-      pack: codeql/go-all
-      extensible: barrierModel
-    data:
-      # subtypes uses Python-style `False` (capitalized) to match every
-      # shipped CodeQL Go .model.yml — see e.g. github/codeql/go/ql/lib/ext/
-      # database.sql.model.yml. SnakeYAML accepts lowercase too, but
-      # capitalized matches the canonical convention.
-      - ["github.com/shankar0123/certctl/internal/validation", "", False, "ValidateSafeURL", "", "", "Argument[0]", "request-forgery", "manual"]
diff --git a/.github/codeql/certctl-models/qlpack.yml b/.github/codeql/certctl-models/qlpack.yml
deleted file mode 100644
index 03596eb..0000000
--- a/.github/codeql/certctl-models/qlpack.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-# certctl CodeQL model pack — extends the standard Go queries with project-
-# specific data-flow knowledge (sanitizers, sinks, summaries).
-#
-# Why this exists: CodeQL's standard `go/request-forgery` query is a syntactic
-# taint-tracking rule. It traces operator-supplied URLs into HTTP egress sinks
-# (`http.Client.Do`) and reports — but it has no built-in knowledge of
-# certctl's `internal/validation.ValidateSafeURL` SSRF guard. The validator
-# IS a sanitizer (rejects loopback, link-local incl. cloud metadata
-# 169.254.169.254, multicast, broadcast, unspecified, IPv6 link-local;
-# rejects DNS names whose A/AAAA records resolve into any of those ranges)
-# but CodeQL doesn't know that, so the analyzer reports a finding the
-# runtime defense already mitigates.
-#
-# This pack uses Models-as-Data (MaD) extensions to declare the validator as
-# a barrier for the request-forgery query. After this pack is loaded:
-#   - The alert at internal/service/scep_probe.go:232 (CodeQL #23) is
-#     dismissed at source, not via per-line `// codeql[...]` suppression.
-#   - The same model applies to the second site of this shape — webhook
-#     notifier's outbound `client.Do` (internal/connector/notifier/webhook/
-#     webhook.go) — without per-line annotations.
-#   - Future code that flows operator URLs through ValidateSafeURL gets the
-#     same treatment automatically.
-#
-# Pack-loading mechanism (post-correction in commit fix-up):
-#   - This pack lives at .github/codeql/certctl-models/. Its NAME is the
-#     `name:` field below.
-#   - .github/workflows/codeql.yml's Initialize CodeQL step passes
-#     `additional-packs: .github/codeql` to the action — that's the parent
-#     directory the CodeQL CLI's resolver searches for unpublished packs.
-#   - .github/codeql/codeql-config.yml then references this pack by NAME
-#     in `packs: { go: [shankar0123/certctl-models] }`. The CLI looks the
-#     name up against the additional-packs path, finds this qlpack.yml,
-#     loads the pack and its data extensions.
-#
-# An earlier draft (commit d8026d5) tried `packs: { go: ['./'] }` in
-# codeql-config.yml, which is the wrong syntax — that field expects pack
-# names, not paths. The pack silently never loaded; alert #23 stayed open
-# across two CodeQL runs (d8026d5 + 4bb7a74). Pack-name + additional-packs
-# is the supported path; verified against the github/vscode-codeql working
-# example.
-#
-# MaD `barrierModel` extension was added for Go in CodeQL 2.25.2 (2026-04-21).
-# `github/codeql-action@v3` (pinned in .github/workflows/codeql.yml) pulls a
-# CLI version >= 2.25.2 by default. If a future analysis fails with
-# "unknown extensible predicate barrierModel", the action's CLI version has
-# regressed below 2.25.2 — pin a newer action version rather than reverting
-# this pack.
-
-name: shankar0123/certctl-models
-version: 0.0.1
-library: true
-extensionTargets:
-  codeql/go-all: '*'
-dataExtensions:
-  - models/*.model.yml
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
deleted file mode 100644
index 6c8f964..0000000
--- a/.github/codeql/codeql-config.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-# CodeQL analysis config for certctl.
-#
-# Loaded by .github/workflows/codeql.yml's `Initialize CodeQL` step via
-# `config-file:`. Two responsibilities:
-#
-#  1. Re-declare the query suite the workflow runs (security-and-quality)
-#     so that disabling the action's default suite via `disable-default-
-#     queries: true` doesn't accidentally drop coverage.
-#
-#  2. Load the local model pack at .github/codeql/certctl-models/, which
-#     adds project-specific Models-as-Data extensions (barriers, sinks,
-#     summaries) for the standard Go queries. See
-#     certctl-models/qlpack.yml for the full motivation.
-#
-# Path-ignore is intentionally empty — every path that ships with the
-# repo is in scope. Test files are NOT excluded; if a vulnerability
-# regresses in a test fixture and is later promoted to production, we
-# want CodeQL to catch it on first appearance.
-
-name: certctl-codeql
-
-# Run the same query suite the workflow has been running pre-config-file:
-# security-and-quality (security findings + maintainability/correctness).
-# Listing it here ensures the suite stays in scope even if the action's
-# default behavior shifts.
-queries:
-  - uses: security-and-quality
-
-# Load the local model pack BY NAME. The action's `init` step resolves
-# this name against the path it was given via `additional-packs: .github/
-# codeql` — that path is the parent directory of certctl-models/, where
-# the pack's qlpack.yml declares `name: shankar0123/certctl-models`.
-#
-# An earlier draft used `packs: { go: ['./'] }` (a relative path). That's
-# the wrong syntax — the `packs:` field expects pack NAMES, not paths.
-# Local-by-path is not supported here; the discovery happens via
-# additional-packs + name lookup. Verified against the github/vscode-codeql
-# working setup.
-packs:
-  go:
-    - shankar0123/certctl-models
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ec1d958..85413f7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -70,25 +70,6 @@ jobs:
           # maintainability/correctness issues that the smaller security-extended
           # suite skips. Comparable scope to what Aikido / SonarCloud run.
           queries: security-and-quality
-          # Custom config that pulls in the local model pack at
-          # .github/codeql/certctl-models/. The pack declares
-          # internal/validation.ValidateSafeURL as a request-forgery barrier
-          # via Models-as-Data, dismissing the alert that fires at every
-          # call site using the validator (scep_probe.go, webhook.go)
-          # without per-line `// codeql[...]` suppressions. See
-          # .github/codeql/certctl-models/qlpack.yml for the full motivation.
-          # Requires CodeQL CLI ≥ 2.25.2 for the barrierModel extension;
-          # codeql-action@v3 ships a recent enough CLI by default.
-          config-file: ./.github/codeql/codeql-config.yml
-          # Tells the CodeQL CLI's pack resolver where to find unpublished
-          # local packs. The pack referenced by name in codeql-config.yml's
-          # `packs:` directive (shankar0123/certctl-models) is resolved
-          # against this path. Without it, the name would fail to resolve
-          # and the pack would silently not load — that's exactly what
-          # happened to commits d8026d5 + 4bb7a74 (alert #23 stayed open
-          # across two CodeQL runs because the pack never made it into the
-          # analysis). Verified pattern: github/vscode-codeql.
-          additional-packs: .github/codeql
 
       - name: Autobuild
         uses: github/codeql-action/autobuild@v3
diff --git a/docs/architecture.md b/docs/architecture.md
index 55caf15..f556bc3 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -993,8 +993,6 @@ Audit recording is async (via goroutine) so it never blocks the HTTP response. I
 
 All shell-facing inputs (connector scripts, domain names, ACME tokens) are validated through `internal/validation/command.go` before reaching shell execution. `ValidateShellCommand()` denies all shell metacharacters. `ValidateDomainName()` enforces RFC 1123. `ValidateACMEToken()` restricts to base64url characters. The network scanner filters reserved IP ranges (loopback, link-local including cloud metadata 169.254.169.254, multicast, broadcast) to prevent SSRF, while preserving RFC 1918 private ranges for legitimate internal scanning.
 
-**Outbound HTTP egress** is defended in two layers, both implemented in `internal/validation/ssrf.go`. Layer one is `ValidateSafeURL(rawURL)`, called at the surface of every outbound HTTP path that accepts an operator-supplied URL. It rejects non-`http(s)` schemes, empty hosts, literal-IP hosts in reserved ranges (loopback `127/8` + `::1`, IPv4 link-local `169.254/16` including AWS/Azure/GCP cloud metadata at `169.254.169.254`, IPv4 multicast `224/4`, IPv4 broadcast `255.255.255.255`, unspecified `0.0.0.0` + `::`, and IPv6 link-local `fe80::/10` + IPv6 multicast `ff00::/8`), and DNS names whose `A`/`AAAA` resolution returns any IP in that set. Layer two is `SafeHTTPDialContext(timeout)`, installed on the `http.Transport.DialContext` of every long-lived outbound HTTP client — it re-resolves the target host at dial time, applies the same reserved-IP set, and pins the TCP dial to a literal non-reserved IP so a racing DNS rebind cannot redirect the connection between validation and dial. RFC 1918 ranges (`10/8`, `172.16/12`, `192.168/16`) are intentionally NOT treated as reserved — certctl is designed to manage certificates inside private networks, and filtering them would break the primary use case. Current call sites: the SCEP probe in the network scanner (`internal/service/scep_probe.go`) and the webhook notifier (`internal/connector/notifier/webhook/`); both wire `ValidateSafeURL` at config + request entry and `SafeHTTPDialContext` on their dedicated `http.Client`. The egress validators are also declared as request-forgery barriers in the CodeQL Models-as-Data extension at `.github/codeql/models/`, so the static analyzer's view of the dataflow matches the runtime defense.
-
 ### Request Body Size Limits
 
 All incoming HTTP request bodies are capped by `http.MaxBytesReader` middleware (default 1MB, configurable via `CERTCTL_MAX_BODY_SIZE`). Requests exceeding the limit receive a 413 Request Entity Too Large response. The middleware is positioned before authentication in the chain so oversized payloads are rejected early, before any auth processing or database work occurs. Requests without bodies (GET, HEAD, nil body) skip the limit check.