Enable the opt-in secure codec for the MRTR (SEP-2322) requestState. Once
enabled, the dispatch path transparently wraps every outgoing
requestState (tool, prompt, and task input-required results) and verifies
every echoed incoming one — handlers keep calling inputRequired!T /
requestStateAs!T against plaintext. This delivers the three SEP-2322
protections at once: integrity (the client cannot tamper with the opaque
state), expiry (ttl), and user-binding (the echoed state must belong to
the currently authenticated subject, defending against replay/hijack).
Verification is fail-closed: a tampered, expired, wrong-subject, or
otherwise invalid blob is treated as if the client echoed NO state, so the
handler runs a fresh round and re-prompts (a warning is logged). The
request is never errored and no rejection flag is exposed to the handler.
Provide a stable secret of at least 32 bytes via sec.key. When sec.key
is empty the server generates a single-process ephemeral 32-byte key and
logs a warning: blobs issued by one process will then FAIL verification on
any other instance or after a restart (no cross-instance/restart
continuity). Binding is a no-op on transports without an authenticated
identity (stdio / in-process, empty subject).
Enable the opt-in secure codec for the MRTR (SEP-2322) requestState. Once enabled, the dispatch path transparently wraps every outgoing requestState (tool, prompt, and task input-required results) and verifies every echoed incoming one — handlers keep calling inputRequired!T / requestStateAs!T against plaintext. This delivers the three SEP-2322 protections at once: integrity (the client cannot tamper with the opaque state), expiry (ttl), and user-binding (the echoed state must belong to the currently authenticated subject, defending against replay/hijack).
Verification is fail-closed: a tampered, expired, wrong-subject, or otherwise invalid blob is treated as if the client echoed NO state, so the handler runs a fresh round and re-prompts (a warning is logged). The request is never errored and no rejection flag is exposed to the handler.
Provide a stable secret of at least 32 bytes via sec.key. When sec.key is empty the server generates a single-process ephemeral 32-byte key and logs a warning: blobs issued by one process will then FAIL verification on any other instance or after a restart (no cross-instance/restart continuity). Binding is a no-op on transports without an authenticated identity (stdio / in-process, empty subject).