**Epic A — State Security & Integrity** · Milestone: 0.6.0b · See `claudedocs/dev_plan_production_grade_2026-06-24.md` The top credibility/security gap: server state round-trips to the client **unsigned**. - [ ] **A1** Sign serialized state (HMAC) with configurable secret; verify inbound, reject tampered (`CorruptStateError`) — *enabler* - [ ] **A2** Key management + rotation; document `STATE_SIGNING_KEY` per adapter - [ ] **A3** `Locked`/immutable server-trusted fields - [ ] **A4** Audit CSRF coverage across FastAPI/Litestar/Flask HTTP paths; document; note WS CSRF limitation **Critical path:** A1 is the security gate. Land early.
Epic A — State Security & Integrity · Milestone: 0.6.0b · See
claudedocs/dev_plan_production_grade_2026-06-24.mdThe top credibility/security gap: server state round-trips to the client unsigned.
CorruptStateError) — enablerSTATE_SIGNING_KEYper adapterLocked/immutable server-trusted fieldsCritical path: A1 is the security gate. Land early.