Shipped v10.6.12 and v10.6.13 together because the first one broke something. The main change is that long-term identity private keys now live inside Rust SecretBytes with ZeroizeOnDrop. Python only sees public bytes through the handle API, never the raw private stuff. The cryptography library's Ed448 and X448 Python objects are gone from all production paths. If the Rust core is missing at import time, it fails immediately instead of silently degrading. v10.6.13 patches an SMP regression where an old .public_key().public_bytes() chain was calling methods that don't exist on the new handles. Most of those call sites were caught by except clauses and silently fell back to the correct path. One was not. set_smp_secret was falling back to an empty local fingerprint, so both peers computed different hashes and SMP always said secrets didn't match, even with identical passwords typed on both sides. Fixed. All 11 audit findings from 10.6.3 remain closed.…