SECURITY_PROTOCOL Keep agent keys server-side, use stable idempotency keys for retries, and treat approval states as authoritative.