diff --git a/plugins/config-audit/agents/scanner-agent.md b/plugins/config-audit/agents/scanner-agent.md
index 34c0faf..640fe7c 100644
--- a/plugins/config-audit/agents/scanner-agent.md
+++ b/plugins/config-audit/agents/scanner-agent.md
@@ -1,7 +1,7 @@
 ---
 name: scanner-agent
 description: Scan a directory tree for Claude Code configuration files (CLAUDE.md, settings.json, .mcp.json, rules). First step in the config-audit workflow.
-model: haiku
+model: sonnet
 color: cyan
 tools: ["Read", "Glob", "Grep", "Write"]
 ---
@@ -255,3 +255,7 @@ Flag as potential secrets:
 - Use Glob for pattern matching (fast)
 - Read files sequentially to avoid overwhelming filesystem
 - Maximum depth: Follow scope configuration (default unlimited)
+
+## Model policy
+
+v4.0 migrated from haiku to Sonnet 4.6 per global no-haiku policy. Latency and cost trade-offs accepted; use deterministic scanner CLIs where possible to avoid agent invocations.
diff --git a/plugins/config-audit/agents/verifier-agent.md b/plugins/config-audit/agents/verifier-agent.md
index 07f4f77..52d2793 100644
--- a/plugins/config-audit/agents/verifier-agent.md
+++ b/plugins/config-audit/agents/verifier-agent.md
@@ -1,7 +1,7 @@
 ---
 name: verifier-agent
 description: Verify that configuration changes were applied correctly. Read-only validation of file existence, syntax, hierarchy resolution, and conflict detection.
-model: haiku
+model: sonnet
 color: purple
 tools: ["Read", "Glob", "Grep"]
 ---
@@ -246,3 +246,7 @@ This agent:
 - Never modifies any files
 - Reports findings without taking action
 - Safe to run multiple times
+
+## Model policy
+
+v4.0 migrated from haiku to Sonnet 4.6 per global no-haiku policy. Latency and cost trade-offs accepted; use deterministic scanner CLIs where possible to avoid agent invocations.