fix(security): recognize Venice-style claude-opus-45 as top-tier model

The security audit was incorrectly flagging venice/claude-opus-45 as
'Below Claude 4.5' because the regex expected -4-5 (with dash) but
Venice uses -45 (without dash between 4 and 5).

Updated isClaude45OrHigher() regex to match both formats.
Added test case to prevent regression.

src/security/audit-extra.ts

@@ -311,7 +311,10 @@ function isClaudeModel(id: string): boolean {
 }
 
 function isClaude45OrHigher(id: string): boolean {
-  return /\bclaude-[^\s/]*?(?:-4-5\b|4\.5\b)/i.test(id);
+  // Match claude-*-4-5, claude-*-45, claude-*4.5, or opus-4-5/opus-45 variants
+  // Examples that should match:
+  //   claude-opus-4-5, claude-opus-45, claude-4.5, venice/claude-opus-45
+  return /\bclaude-[^\s/]*?(?:-4-?5\b|4\.5\b)/i.test(id);
 }
 
 export function collectModelHygieneFindings(cfg: ClawdbotConfig): SecurityAuditFinding[] {

src/security/audit.test.ts

@@ -687,6 +687,23 @@ describe("security audit", () => {
     );
   });
 
+  it("does not warn on Venice-style opus-45 model names", async () => {
+    // Venice uses "claude-opus-45" format (no dash between 4 and 5)
+    const cfg: ClawdbotConfig = {
+      agents: { defaults: { model: { primary: "venice/claude-opus-45" } } },
+    };
+
+    const res = await runSecurityAudit({
+      config: cfg,
+      includeFilesystem: false,
+      includeChannelSecurity: false,
+    });
+
+    // Should NOT contain weak_tier warning for opus-45
+    const weakTierFinding = res.findings.find((f) => f.checkId === "models.weak_tier");
+    expect(weakTierFinding).toBeUndefined();
+  });
+
   it("warns when hooks token looks short", async () => {
     const cfg: ClawdbotConfig = {
       hooks: { enabled: true, token: "short" },