diff --git a/crates/auths-cli/src/errors/renderer.rs b/crates/auths-cli/src/errors/renderer.rs
index a7ba7bfb..9278b06b 100644
--- a/crates/auths-cli/src/errors/renderer.rs
+++ b/crates/auths-cli/src/errors/renderer.rs
@@ -229,7 +229,11 @@ fn docs_url(code: &str) -> Option<String> {
         | "AUTHS_STORAGE_LOCKED"
         | "AUTHS_BACKEND_INIT_FAILED"
         | "AUTHS_AGENT_LOCKED"
-        | "AUTHS_VERIFICATION_ERROR"
+        | "AUTHS_ISSUER_SIG_FAILED"
+        | "AUTHS_DEVICE_SIG_FAILED"
+        | "AUTHS_ATTESTATION_EXPIRED"
+        | "AUTHS_ATTESTATION_REVOKED"
+        | "AUTHS_TIMESTAMP_IN_FUTURE"
         | "AUTHS_MISSING_CAPABILITY"
         | "AUTHS_DID_RESOLUTION_ERROR"
         | "AUTHS_ORG_VERIFICATION_FAILED"
@@ -304,7 +308,7 @@ mod tests {
 
     #[test]
     fn render_error_attestation_error_text() {
-        let err = Error::new(AttestationError::VerificationError("bad sig".into()));
+        let err = Error::new(AttestationError::IssuerSignatureFailed("bad sig".into()));
         render_error(&err, false);
     }
 
diff --git a/crates/auths-id/src/attestation/verify.rs b/crates/auths-id/src/attestation/verify.rs
index 96ab5fe4..b5818b59 100644
--- a/crates/auths-id/src/attestation/verify.rs
+++ b/crates/auths-id/src/attestation/verify.rs
@@ -16,27 +16,23 @@ pub fn verify_with_resolver(
     // Return specific AttestationError
     // 1. Check revocation and expiration
     if att.is_revoked() {
-        return Err(AttestationError::VerificationError(
-            "Attestation revoked".to_string(),
-        ));
+        return Err(AttestationError::AttestationRevoked);
     }
     if let Some(exp) = att.expires_at
         && now > exp
     {
-        return Err(AttestationError::VerificationError(format!(
-            "Attestation expired on {}",
-            exp.to_rfc3339()
-        )));
+        return Err(AttestationError::AttestationExpired {
+            at: exp.to_rfc3339(),
+        });
     }
     // Only reject timestamps in the future (clock drift protection)
     // Past timestamps are valid - attestations stored in Git are verified days/months later
     if let Some(ts) = att.timestamp
         && ts > now + Duration::seconds(MAX_SKEW_SECS)
     {
-        return Err(AttestationError::VerificationError(format!(
-            "Attestation timestamp {} is in the future",
-            ts.to_rfc3339()
-        )));
+        return Err(AttestationError::TimestampInFuture {
+            at: ts.to_rfc3339(),
+        });
     }
 
     // 2. Resolve issuer's public key
@@ -82,12 +78,7 @@ pub fn verify_with_resolver(
     let issuer_public_key_ring = UnparsedPublicKey::new(&ED25519, &issuer_pk_bytes);
     issuer_public_key_ring
         .verify(data_to_verify, att.identity_signature.as_bytes())
-        .map_err(|e| {
-            AttestationError::VerificationError(format!(
-                "Issuer signature verification failed: {}",
-                e
-            ))
-        })?;
+        .map_err(|e| AttestationError::IssuerSignatureFailed(e.to_string()))?;
     debug!(
         "(Verify) Issuer signature verified successfully for {}",
         att.issuer
@@ -97,12 +88,7 @@ pub fn verify_with_resolver(
     let device_public_key_ring = UnparsedPublicKey::new(&ED25519, att.device_public_key.as_bytes());
     device_public_key_ring
         .verify(data_to_verify, att.device_signature.as_bytes())
-        .map_err(|e| {
-            AttestationError::VerificationError(format!(
-                "Device signature verification failed: {}",
-                e
-            ))
-        })?;
+        .map_err(|e| AttestationError::DeviceSignatureFailed(e.to_string()))?;
     debug!(
         "(Verify) Device signature verified successfully for {}",
         att.subject.as_str()
diff --git a/crates/auths-verifier/src/error.rs b/crates/auths-verifier/src/error.rs
index 7fdc0138..5878db58 100644
--- a/crates/auths-verifier/src/error.rs
+++ b/crates/auths-verifier/src/error.rs
@@ -19,9 +19,31 @@ pub trait AuthsErrorInfo {
 /// Errors returned by attestation signing, verification, and related operations.
 #[derive(Error, Debug)]
 pub enum AttestationError {
-    /// Cryptographic signature verification failed.
-    #[error("Signature verification failed: {0}")]
-    VerificationError(String),
+    /// Issuer's Ed25519 signature did not verify.
+    #[error("Issuer signature verification failed: {0}")]
+    IssuerSignatureFailed(String),
+
+    /// Device's Ed25519 signature did not verify.
+    #[error("Device signature verification failed: {0}")]
+    DeviceSignatureFailed(String),
+
+    /// Attestation has passed its expiry timestamp.
+    #[error("Attestation expired on {at}")]
+    AttestationExpired {
+        /// RFC 3339 formatted expiry timestamp.
+        at: String,
+    },
+
+    /// Attestation was explicitly revoked.
+    #[error("Attestation revoked")]
+    AttestationRevoked,
+
+    /// Attestation timestamp is in the future (clock skew).
+    #[error("Attestation timestamp {at} is in the future")]
+    TimestampInFuture {
+        /// RFC 3339 formatted timestamp.
+        at: String,
+    },
 
     /// The attestation does not grant the required capability.
     #[error("Missing required capability: required {required:?}, available {available:?}")]
@@ -85,7 +107,11 @@ pub enum AttestationError {
 impl AuthsErrorInfo for AttestationError {
     fn error_code(&self) -> &'static str {
         match self {
-            Self::VerificationError(_) => "AUTHS_VERIFICATION_ERROR",
+            Self::IssuerSignatureFailed(_) => "AUTHS_ISSUER_SIG_FAILED",
+            Self::DeviceSignatureFailed(_) => "AUTHS_DEVICE_SIG_FAILED",
+            Self::AttestationExpired { .. } => "AUTHS_ATTESTATION_EXPIRED",
+            Self::AttestationRevoked => "AUTHS_ATTESTATION_REVOKED",
+            Self::TimestampInFuture { .. } => "AUTHS_TIMESTAMP_IN_FUTURE",
             Self::MissingCapability { .. } => "AUTHS_MISSING_CAPABILITY",
             Self::SigningError(_) => "AUTHS_SIGNING_ERROR",
             Self::DidResolutionError(_) => "AUTHS_DID_RESOLUTION_ERROR",
@@ -103,9 +129,15 @@ impl AuthsErrorInfo for AttestationError {
 
     fn suggestion(&self) -> Option<&'static str> {
         match self {
-            Self::VerificationError(_) => {
-                Some("Verify the attestation was signed with the correct key")
+            Self::IssuerSignatureFailed(_) => {
+                Some("Verify the attestation was signed with the correct issuer key")
+            }
+            Self::DeviceSignatureFailed(_) => Some("Verify the device key matches the attestation"),
+            Self::AttestationExpired { .. } => Some("Request a new attestation from the issuer"),
+            Self::AttestationRevoked => {
+                Some("This device has been revoked; contact the identity admin")
             }
+            Self::TimestampInFuture { .. } => Some("Check system clock synchronization"),
             Self::MissingCapability { .. } => {
                 Some("Request an attestation with the required capability")
             }
diff --git a/crates/auths-verifier/src/ffi.rs b/crates/auths-verifier/src/ffi.rs
index 01ed2def..332d398c 100644
--- a/crates/auths-verifier/src/ffi.rs
+++ b/crates/auths-verifier/src/ffi.rs
@@ -43,11 +43,28 @@ pub const ERR_VERIFY_INSUFFICIENT_WITNESSES: c_int = -9;
 pub const ERR_VERIFY_WITNESS_PARSE: c_int = -10;
 /// Input JSON exceeded size limit.
 pub const ERR_VERIFY_INPUT_TOO_LARGE: c_int = -11;
+/// Attestation timestamp is in the future (clock skew).
+pub const ERR_VERIFY_FUTURE_TIMESTAMP: c_int = -12;
 /// Unclassified verification error.
 pub const ERR_VERIFY_OTHER: c_int = -99;
 /// Internal panic occurred
 pub const ERR_VERIFY_PANIC: c_int = -127;
 
+fn attestation_error_to_code(e: &AttestationError) -> c_int {
+    match e {
+        AttestationError::IssuerSignatureFailed(_) => ERR_VERIFY_ISSUER_SIG_FAIL,
+        AttestationError::DeviceSignatureFailed(_) => ERR_VERIFY_DEVICE_SIG_FAIL,
+        AttestationError::AttestationExpired { .. } => ERR_VERIFY_EXPIRED,
+        AttestationError::AttestationRevoked => ERR_VERIFY_REVOKED,
+        AttestationError::TimestampInFuture { .. } => ERR_VERIFY_FUTURE_TIMESTAMP,
+        AttestationError::SerializationError(_) => ERR_VERIFY_SERIALIZATION,
+        AttestationError::InvalidInput(_) => ERR_VERIFY_INVALID_PK_LEN,
+        AttestationError::InputTooLarge(_) => ERR_VERIFY_INPUT_TOO_LARGE,
+        AttestationError::BundleExpired { .. } => ERR_VERIFY_EXPIRED,
+        _ => ERR_VERIFY_OTHER,
+    }
+}
+
 fn check_batch_sizes(sizes: &[usize], caller: &str) -> Option<c_int> {
     for &size in sizes {
         if size > MAX_JSON_BATCH_SIZE {
@@ -199,30 +216,7 @@ pub unsafe extern "C" fn ffi_verify_attestation_json(
             Ok(_) => VERIFY_SUCCESS,
             Err(e) => {
                 error!("FFI verify failed: Verification logic error: {}", e);
-                // TECH-DEBT(fn-33): error code mapping couples to message text —
-                // if AttestationError message strings change, these codes break silently.
-                // Fix: add a structured variant or error_code() method to AttestationError.
-                match e {
-                    AttestationError::VerificationError(msg) => {
-                        let lower_msg = msg.to_lowercase();
-                        if lower_msg.contains("issuer signature") {
-                            ERR_VERIFY_ISSUER_SIG_FAIL
-                        } else if lower_msg.contains("device signature") {
-                            ERR_VERIFY_DEVICE_SIG_FAIL
-                        } else if lower_msg.contains("expired") {
-                            ERR_VERIFY_EXPIRED
-                        } else if lower_msg.contains("revoked") {
-                            ERR_VERIFY_REVOKED
-                        } else if lower_msg.contains("invalid length") {
-                            ERR_VERIFY_INVALID_PK_LEN
-                        } else {
-                            ERR_VERIFY_OTHER
-                        }
-                    }
-                    AttestationError::SerializationError(_) => ERR_VERIFY_SERIALIZATION,
-                    AttestationError::InvalidInput(_) => ERR_VERIFY_INVALID_PK_LEN,
-                    _ => ERR_VERIFY_OTHER,
-                }
+                attestation_error_to_code(&e)
             }
         }
     });
@@ -324,7 +318,7 @@ pub unsafe extern "C" fn ffi_verify_chain_with_witnesses(
             Ok(r) => r,
             Err(e) => {
                 error!("FFI verify_chain_with_witnesses: verification error: {}", e);
-                return ERR_VERIFY_OTHER;
+                return attestation_error_to_code(&e);
             }
         };
 
@@ -406,7 +400,7 @@ pub unsafe extern "C" fn ffi_verify_chain_json(
             Ok(r) => r,
             Err(e) => {
                 error!("FFI verify_chain_json: verification error: {}", e);
-                return ERR_VERIFY_OTHER;
+                return attestation_error_to_code(&e);
             }
         };
 
@@ -528,7 +522,7 @@ pub unsafe extern "C" fn ffi_verify_device_authorization_json(
                     "FFI verify_device_authorization_json: verification error: {}",
                     e
                 );
-                return ERR_VERIFY_OTHER;
+                return attestation_error_to_code(&e);
             }
         };
 
diff --git a/crates/auths-verifier/src/verify.rs b/crates/auths-verifier/src/verify.rs
index 1a8e98b0..3f1509a7 100644
--- a/crates/auths-verifier/src/verify.rs
+++ b/crates/auths-verifier/src/verify.rs
@@ -333,19 +333,16 @@ pub(crate) async fn verify_with_keys_at(
     if let Some(revoked_at) = att.revoked_at
         && revoked_at <= reference_time
     {
-        return Err(AttestationError::VerificationError(
-            "Attestation revoked".to_string(),
-        ));
+        return Err(AttestationError::AttestationRevoked);
     }
 
     // --- 2. Check expiration against reference time ---
     if let Some(exp) = att.expires_at
         && reference_time > exp
     {
-        return Err(AttestationError::VerificationError(format!(
-            "Attestation expired on {}",
-            exp.to_rfc3339()
-        )));
+        return Err(AttestationError::AttestationExpired {
+            at: exp.to_rfc3339(),
+        });
     }
 
     // --- 3. Check timestamp skew against reference time ---
@@ -353,15 +350,14 @@ pub(crate) async fn verify_with_keys_at(
         && let Some(ts) = att.timestamp
         && ts > reference_time + Duration::seconds(MAX_SKEW_SECS)
     {
-        return Err(AttestationError::VerificationError(format!(
-            "Attestation timestamp ({}) is in the future",
-            ts.to_rfc3339(),
-        )));
+        return Err(AttestationError::TimestampInFuture {
+            at: ts.to_rfc3339(),
+        });
     }
 
     // --- 4. Check provided issuer public key length ---
     if !att.identity_signature.is_empty() && issuer_pk_bytes.len() != ED25519_PUBLIC_KEY_LEN {
-        return Err(AttestationError::VerificationError(format!(
+        return Err(AttestationError::InvalidInput(format!(
             "Provided issuer public key has invalid length: {}",
             issuer_pk_bytes.len()
         )));
@@ -404,11 +400,7 @@ pub(crate) async fn verify_with_keys_at(
                 att.identity_signature.as_bytes(),
             )
             .await
-            .map_err(|_| {
-                AttestationError::VerificationError(
-                    "Issuer signature verification failed".to_string(),
-                )
-            })?;
+            .map_err(|e| AttestationError::IssuerSignatureFailed(e.to_string()))?;
         debug!("(Verify) Issuer signature verified successfully.");
     } else {
         debug!(
@@ -424,9 +416,7 @@ pub(crate) async fn verify_with_keys_at(
             att.device_signature.as_bytes(),
         )
         .await
-        .map_err(|_| {
-            AttestationError::VerificationError("Device signature verification failed".to_string())
-        })?;
+        .map_err(|e| AttestationError::DeviceSignatureFailed(e.to_string()))?;
     debug!("(Verify) Device signature verified successfully.");
 
     Ok(())
@@ -1361,8 +1351,8 @@ mod tests {
             .await;
         assert!(result.is_err());
         match result {
-            Err(AttestationError::VerificationError(_)) => {}
-            _ => panic!("Expected VerificationError, got {:?}", result),
+            Err(AttestationError::IssuerSignatureFailed(_)) => {}
+            _ => panic!("Expected IssuerSignatureFailed, got {:?}", result),
         }
     }
 
diff --git a/crates/auths-verifier/src/wasm.rs b/crates/auths-verifier/src/wasm.rs
index 43a70986..0804405c 100644
--- a/crates/auths-verifier/src/wasm.rs
+++ b/crates/auths-verifier/src/wasm.rs
@@ -1,5 +1,6 @@
 use crate::clock::{ClockProvider, SystemClock};
 use crate::core::{Attestation, MAX_ATTESTATION_JSON_SIZE, MAX_JSON_BATCH_SIZE};
+use crate::error::{AttestationError, AuthsErrorInfo};
 use crate::keri;
 use crate::types::VerificationReport;
 use crate::verify;
@@ -27,6 +28,9 @@ pub struct WasmVerificationResult {
     /// Human-readable error message if verification failed.
     #[serde(skip_serializing_if = "Option::is_none")]
     pub error: Option<String>,
+    /// Structured error code for programmatic handling.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub error_code: Option<String>,
 }
 
 /// Verifies an attestation provided as a JSON string against an explicit issuer public key hex string.
@@ -67,7 +71,7 @@ pub async fn wasm_verify_attestation_json(
         }
         Err(e) => {
             console_log!("WASM: Verification failed: {}", e);
-            Err(JsValue::from_str(&e.to_string()))
+            Err(JsValue::from_str(&format!("[{}] {}", e.error_code(), e)))
         }
     }
 }
@@ -83,10 +87,12 @@ pub async fn wasm_verify_attestation_with_result(
             Ok(()) => WasmVerificationResult {
                 valid: true,
                 error: None,
+                error_code: None,
             },
             Err(e) => WasmVerificationResult {
                 valid: false,
-                error: Some(e),
+                error: Some(e.to_string()),
+                error_code: Some(e.error_code().to_string()),
             },
         };
     serde_json::to_string(&result)
@@ -97,32 +103,32 @@ async fn verify_attestation_internal(
     attestation_json_str: &str,
     issuer_pk_hex: &str,
     provider: &dyn CryptoProvider,
-) -> Result<(), String> {
+) -> Result<(), AttestationError> {
     if attestation_json_str.len() > MAX_ATTESTATION_JSON_SIZE {
-        return Err(format!(
+        return Err(AttestationError::InputTooLarge(format!(
             "Attestation JSON too large: {} bytes, max {}",
             attestation_json_str.len(),
             MAX_ATTESTATION_JSON_SIZE
-        ));
+        )));
     }
 
-    let issuer_pk_bytes =
-        hex::decode(issuer_pk_hex).map_err(|e| format!("Invalid issuer public key hex: {}", e))?;
+    let issuer_pk_bytes = hex::decode(issuer_pk_hex).map_err(|e| {
+        AttestationError::InvalidInput(format!("Invalid issuer public key hex: {}", e))
+    })?;
 
     if issuer_pk_bytes.len() != ED25519_PUBLIC_KEY_LEN {
-        return Err(format!(
+        return Err(AttestationError::InvalidInput(format!(
             "Invalid issuer public key length: expected {}, got {}",
             ED25519_PUBLIC_KEY_LEN,
             issuer_pk_bytes.len()
-        ));
+        )));
     }
 
-    let att: Attestation = serde_json::from_str(attestation_json_str)
-        .map_err(|e| format!("Failed to parse attestation JSON: {}", e))?;
+    let att: Attestation = serde_json::from_str(attestation_json_str).map_err(|e| {
+        AttestationError::SerializationError(format!("Failed to parse attestation JSON: {}", e))
+    })?;
 
-    verify::verify_with_keys_at(&att, &issuer_pk_bytes, SystemClock.now(), true, provider)
-        .await
-        .map_err(|e| e.to_string())
+    verify::verify_with_keys_at(&att, &issuer_pk_bytes, SystemClock.now(), true, provider).await
 }
 
 /// Verifies a detached Ed25519 signature over a file hash (all inputs hex-encoded).
@@ -159,7 +165,13 @@ pub async fn wasm_verify_chain_json(attestations_json_array: &str, root_pk_hex:
         Ok(report) => serde_json::to_string(&report)
             .unwrap_or_else(|_| r#"{"status":{"type":"BrokenChain","missingLink":"Serialization failed"},"chain":[],"warnings":[]}"#.to_string()),
         Err(e) => {
-            format!(r#"{{"status":{{"type":"BrokenChain","missing_link":"{}"}},"chain":[],"warnings":[]}}"#, e.replace('"', "\\\""))
+            let error_response = serde_json::json!({
+                "status": { "type": "BrokenChain", "missing_link": e.to_string() },
+                "chain": [],
+                "warnings": [],
+                "error_code": e.error_code(),
+            });
+            error_response.to_string()
         }
     }
 }
@@ -168,32 +180,36 @@ async fn verify_chain_internal(
     attestations_json_array: &str,
     root_pk_hex: &str,
     provider: &dyn CryptoProvider,
-) -> Result<VerificationReport, String> {
+) -> Result<VerificationReport, AttestationError> {
     if attestations_json_array.len() > MAX_JSON_BATCH_SIZE {
-        return Err(format!(
+        return Err(AttestationError::InputTooLarge(format!(
             "Attestations JSON too large: {} bytes, max {}",
             attestations_json_array.len(),
             MAX_JSON_BATCH_SIZE
-        ));
+        )));
     }
 
-    let root_pk_bytes =
-        hex::decode(root_pk_hex).map_err(|e| format!("Invalid root public key hex: {}", e))?;
+    let root_pk_bytes = hex::decode(root_pk_hex).map_err(|e| {
+        AttestationError::InvalidInput(format!("Invalid root public key hex: {}", e))
+    })?;
 
     if root_pk_bytes.len() != ED25519_PUBLIC_KEY_LEN {
-        return Err(format!(
+        return Err(AttestationError::InvalidInput(format!(
             "Invalid root public key length: expected {}, got {}",
             ED25519_PUBLIC_KEY_LEN,
             root_pk_bytes.len()
-        ));
+        )));
     }
 
-    let attestations: Vec<Attestation> = serde_json::from_str(attestations_json_array)
-        .map_err(|e| format!("Failed to parse attestations JSON array: {}", e))?;
+    let attestations: Vec<Attestation> =
+        serde_json::from_str(attestations_json_array).map_err(|e| {
+            AttestationError::SerializationError(format!(
+                "Failed to parse attestations JSON array: {}",
+                e
+            ))
+        })?;
 
-    verify::verify_chain_inner(&attestations, &root_pk_bytes, provider, SystemClock.now())
-        .await
-        .map_err(|e| e.to_string())
+    verify::verify_chain_inner(&attestations, &root_pk_bytes, provider, SystemClock.now()).await
 }
 
 /// Verifies a chain of attestations with witness quorum checking.
@@ -218,7 +234,13 @@ pub async fn wasm_verify_chain_with_witnesses_json(
         Ok(report) => serde_json::to_string(&report)
             .unwrap_or_else(|_| r#"{"status":{"type":"BrokenChain","missing_link":"Serialization failed"},"chain":[],"warnings":[]}"#.to_string()),
         Err(e) => {
-            format!(r#"{{"status":{{"type":"BrokenChain","missing_link":"{}"}},"chain":[],"warnings":[]}}"#, e.replace('"', "\\\""))
+            let error_response = serde_json::json!({
+                "status": { "type": "BrokenChain", "missing_link": e.to_string() },
+                "chain": [],
+                "warnings": [],
+                "error_code": e.error_code(),
+            });
+            error_response.to_string()
         }
     }
 }
@@ -230,60 +252,68 @@ async fn verify_chain_with_witnesses_internal(
     witness_keys_json: &str,
     threshold: u32,
     provider: &dyn CryptoProvider,
-) -> Result<VerificationReport, String> {
+) -> Result<VerificationReport, AttestationError> {
     if chain_json.len() > MAX_JSON_BATCH_SIZE {
-        return Err(format!(
+        return Err(AttestationError::InputTooLarge(format!(
             "Chain JSON too large: {} bytes, max {}",
             chain_json.len(),
             MAX_JSON_BATCH_SIZE
-        ));
+        )));
     }
     if receipts_json.len() > MAX_JSON_BATCH_SIZE {
-        return Err(format!(
+        return Err(AttestationError::InputTooLarge(format!(
             "Receipts JSON too large: {} bytes, max {}",
             receipts_json.len(),
             MAX_JSON_BATCH_SIZE
-        ));
+        )));
     }
     if witness_keys_json.len() > MAX_JSON_BATCH_SIZE {
-        return Err(format!(
+        return Err(AttestationError::InputTooLarge(format!(
             "Witness keys JSON too large: {} bytes, max {}",
             witness_keys_json.len(),
             MAX_JSON_BATCH_SIZE
-        ));
+        )));
     }
 
-    let root_pk_bytes =
-        hex::decode(root_pk_hex).map_err(|e| format!("Invalid root public key hex: {}", e))?;
+    let root_pk_bytes = hex::decode(root_pk_hex).map_err(|e| {
+        AttestationError::InvalidInput(format!("Invalid root public key hex: {}", e))
+    })?;
 
     if root_pk_bytes.len() != ED25519_PUBLIC_KEY_LEN {
-        return Err(format!(
+        return Err(AttestationError::InvalidInput(format!(
             "Invalid root public key length: expected {}, got {}",
             ED25519_PUBLIC_KEY_LEN,
             root_pk_bytes.len()
-        ));
+        )));
     }
 
-    let attestations: Vec<Attestation> = serde_json::from_str(chain_json)
-        .map_err(|e| format!("Failed to parse attestations JSON: {}", e))?;
+    let attestations: Vec<Attestation> = serde_json::from_str(chain_json).map_err(|e| {
+        AttestationError::SerializationError(format!("Failed to parse attestations JSON: {}", e))
+    })?;
 
-    let receipts: Vec<WitnessReceipt> = serde_json::from_str(receipts_json)
-        .map_err(|e| format!("Failed to parse receipts JSON: {}", e))?;
+    let receipts: Vec<WitnessReceipt> = serde_json::from_str(receipts_json).map_err(|e| {
+        AttestationError::SerializationError(format!("Failed to parse receipts JSON: {}", e))
+    })?;
 
     #[derive(Deserialize)]
     struct WitnessKeyEntry {
         did: String,
         pk_hex: String,
     }
-    let key_entries: Vec<WitnessKeyEntry> = serde_json::from_str(witness_keys_json)
-        .map_err(|e| format!("Failed to parse witness keys JSON: {}", e))?;
+    let key_entries: Vec<WitnessKeyEntry> =
+        serde_json::from_str(witness_keys_json).map_err(|e| {
+            AttestationError::SerializationError(format!(
+                "Failed to parse witness keys JSON: {}",
+                e
+            ))
+        })?;
 
     let witness_keys: Vec<(String, Vec<u8>)> = key_entries
         .into_iter()
         .map(|e| {
-            hex::decode(&e.pk_hex)
-                .map(|pk| (e.did, pk))
-                .map_err(|err| format!("Invalid witness key hex: {}", err))
+            hex::decode(&e.pk_hex).map(|pk| (e.did, pk)).map_err(|err| {
+                AttestationError::InvalidInput(format!("Invalid witness key hex: {}", err))
+            })
         })
         .collect::<Result<Vec<_>, _>>()?;
 
@@ -295,8 +325,7 @@ async fn verify_chain_with_witnesses_internal(
 
     let mut report =
         verify::verify_chain_inner(&attestations, &root_pk_bytes, provider, SystemClock.now())
-            .await
-            .map_err(|e| e.to_string())?;
+            .await?;
 
     if report.is_valid() {
         let quorum = crate::witness::verify_witness_receipts(&config, provider).await;
diff --git a/docs/plans/gemini_feedback.md b/docs/plans/gemini_feedback.md
new file mode 100644
index 00000000..3e7f9ff0
--- /dev/null
+++ b/docs/plans/gemini_feedback.md
@@ -0,0 +1,143 @@
+# Gemini Feedback: A CTO's Playbook for the Auths v0.1.0 Launch
+
+**To:** Auths Leadership
+**From:** Gemini (CTO / DX Lead Persona)
+**Date:** 2026-03-06
+**Subject:** An Actionable Roadmap for the Auths v0.1.0 Launch
+
+## 1. Executive Summary & Restructured Plan
+
+Our goal for the v0.1.0 launch is to establish `auths` as the most polished, trustworthy, and developer-obsessed identity platform on the market. Our current codebase is functionally powerful but lacks the stability and seamless developer experience (DX) required for a public launch.
+
+This document has been restructured from a simple list of issues into a **chronological, dependency-aware roadmap**. It is organized into four distinct phases of work. Each phase builds upon the last, ensuring that we solidify our foundation before building upon it. This is the critical path to a successful v0.1.0 launch.
+
+---
+
+## Phase 1: Solidify the Core (Rust SDK & Verifier)
+
+**Objective:** Create a stable, predictable, and secure foundation. All work in this phase is a prerequisite for subsequent phases.
+
+### 1.1. Implement Native Commit Verification
+*   **Why:** The current Python-based commit verification shells out to `ssh-keygen`, which is slow, brittle, and not portable. This is our biggest reliability risk.
+*   **The Problem:**
+    ```python
+    # in packages/auths-python/python/auths/git.py
+    proc = subprocess.run(
+        ["ssh-keygen", "-Y", "verify", ...], ...
+    )
+    ```
+*   **Action:** Implement the entire commit signature verification logic in pure Rust within the `crates/auths-verifier` crate. This single change will dramatically improve performance and reliability for a key feature.
+
+### 1.2. Refactor SDK Configuration for Compile-Time Safety
+*   **Why:** The SDK must be impossible to misconfigure. We can prevent entire classes of runtime errors at compile time.
+*   **The Problem:** The `AuthsContextBuilder` in `crates/auths-sdk/src/context.rs` uses a `NoopPassphraseProvider` that causes a runtime error if signing is attempted without a real provider.
+    ```rust
+    // This defers a configuration error to a runtime crash.
+    passphrase_provider: self
+        .passphrase_provider
+        .unwrap_or_else(|| Arc::new(NoopPassphraseProvider)),
+    ```
+*   **Action:** Eliminate the `Noop` providers. Use the typestate pattern to create distinct `AuthsContext` types, such as `AuthsContext<Unsigned>` and `AuthsContext<SigningReady>`. Workflows that require signing must take the `SigningReady` context as an argument, making it a compile-time error to call them without the correct configuration.
+
+### 1.3. Eradicate Panics from the Public API
+*   **Why:** A library that can `panic` is a library that cannot be trusted in production. It is the most hostile behavior an SDK can exhibit.
+*   **The Problem:** The codebase is littered with `.unwrap()` and `.expect()` calls that can crash the host application.
+    ```rust
+    // in crates/auths-sdk/src/workflows/mcp.rs:80
+    .expect("failed to build HTTP client") // Will crash if host TLS is misconfigured.
+    ```
+*   **Action:** Audit and refactor every `.unwrap()` and `.expect()` in the `auths-sdk` crate's public-facing workflows. Replace them with proper, descriptive error variants (e.g., `McpAuthError::HttpClientBuildFailed`).
+
+### 1.4. Unify and Seal the Public API Surface
+*   **Why:** We are making a promise of stability with `v0.1.0`. The API we launch with is the API we must support.
+*   **Action:**
+    1.  **Unify:** Refactor the `initialize_developer`, `initialize_ci`, and `initialize_agent` functions in `crates/auths-sdk/src/setup.rs` into private helpers. The single public entry point must be `pub fn initialize(config: IdentityConfig, ...)`.
+    2.  **Seal:** Run `cargo public-api` to generate a definitive list of our public API. Anything we are not ready to commit to for the long term must be hidden (`pub(crate)` or `#[doc(hidden)]`).
+
+---
+
+## Phase 2: Refine the Developer Experience (Python FFI & SDK)
+
+**Objective:** Create an idiomatic, robust, and effortless experience for Python developers. This phase depends heavily on the stability provided by Phase 1.
+
+### 2.1. Implement Robust FFI Error Handling
+*   **Dependency:** Phase 1.3 (Eradicate Panics). The Rust layer must return errors, not panic.
+*   **Why:** The current error handling is based on string-matching messages from Rust, which is extremely fragile.
+*   **The Problem:**
+    ```python
+    # in packages/auths-python/python/auths/_client.py
+    def _map_verify_error(exc: Exception) -> Exception:
+        msg = str(exc)
+        if "public key" in msg.lower(): # This will break silently.
+            return CryptoError(msg, code="invalid_key")
+    ```
+*   **Action:** Modify the Rust FFI layer to return a stable, machine-readable error code (a C-style enum or integer). The Python `_map_verify_error` function must be rewritten to dispatch on this reliable code.
+This MUST be consistent across all such files
+
+### 2.2. Consume Native Commit Verification
+*   **Dependency:** Phase 1.1 (Native Commit Verification).
+*   **Why:** To eliminate the slow and brittle `subprocess` calls.
+*   **Action:** Remove the `verify_commit_range` implementation from `packages/auths-python/python/auths/git.py` and replace its body with a single call to the new native Rust function (exposed via the `auths._native` module).
+
+### 2.3. Adopt Pythonic Types and Conventions
+*   **Why:** The Python SDK must respect the conventions of its ecosystem to feel natural to developers.
+*   **The Problem:** The API uses strings for timestamps and may not return idiomatic `dataclass` instances.
+    ```python
+    # in packages/auths-python/python/auths/_client.py
+    def verify(self, ..., at: str | None = None) -> VerificationResult:
+        # ...
+    ```
+*   **Action:**
+    1.  Modify methods like `verify` to accept `datetime.datetime` objects. The implementation can then convert them to Unix timestamps (integers) to pass to the Rust layer.
+    2.  Audit all functions that return data from Rust. Ensure they return proper `@dataclass` instances, not raw dictionaries or tuples.
+    3.  Ensure all public methods and parameters follow `snake_case` conventions.
+
+---
+
+## Phase 3: Polish the Public Integrations (JS Ecosystem)
+
+**Objective:** Ensure our integrations are seamless, easy to use, and inspire confidence. This can run in parallel with Phase 2.
+
+### 3.1. Manage External Dependencies for Independent Repos
+*   **Correction & Context:** My previous analysis incorrectly assumed a monorepo structure. Understanding these are independent repositories makes the dependency management even more critical. The current build scripts have hardcoded relative paths that will fail in any standard CI/CD environment or for any external contributor.
+*   **Action (`auths-verify-widget`):** The `build:wasm` script in `package.json` (`"cd ../auths/crates/auths-verifier && wasm-pack build ..."`) is a critical flaw. It relies on a local file structure that will not exist in a clean checkout. The WASM verifier *must* be treated as a versioned, third-party dependency.
+    1.  The `auths/crates/auths-verifier` project must be configured to compile to WASM and be published to `npm` as a standalone package (e.g., `@auths/verifier-wasm`).
+    2.  The `auths-verify-widget` must remove the `build:wasm` script and add `@auths/verifier-wasm` as a standard `devDependency` in its `package.json`.
+    This ensures the widget can be built, tested, and released independently.
+*   **Action (`auths-verify-github-action`):** The action correctly treats the `auths` CLI as an external dependency by downloading it at runtime. However, for a v0.1.0 launch, this introduces too much variability.
+    1.  For the v0.1.0 release, the action *must bundle a specific, known-good version* of the `auths` native binary for Linux x64 (the standard GitHub runner environment). This guarantees performance and reliability.
+    2.  This can be accomplished by adding a script to the `auths-verify-github-action` repo that downloads a specific versioned release of the `auths` CLI from its GitHub Releases page and places it in the `dist` directory as part of the build process.
+
+### 3.2. Improve DX for Integrations
+*   **Why:** These integrations are the "front door" to our product for many developers. The experience must be flawless.
+*   **Action (`auths-verify-widget`):**
+    1.  **Clarify Variants:** The `README.md` must clearly explain the "full" vs. "slim" builds.
+    2.  **No-Build Option:** Create a UMD bundle and publish it to a CDN (`unpkg`, `jsdelivr`) so the widget can be used with a simple `<script>` tag.
+*   **Action (`auths-verify-github-action`):**
+    1.  **Better Failure UX:** On verification failure, post a detailed PR comment explaining *which* commits failed and *how* to fix it. This turns failure into an educational moment.
+    2.  **Streamline `action.yml`:** Default the `github-token` to `${{ github.token }}` and add at least three copy-pasteable examples for common use cases to the `README.md`.
+
+---
+
+## Phase 4: Release Engineering & Documentation
+
+**Objective:** Ensure the product is easy to install and use. This is the final step before launch.
+
+### 4.1. Guarantee Effortless Installation
+*   **Dependency:** Phase 1, 2, and 3 must be complete.
+*   **Why:** `pip install auths` and `npm install @auths-dev/verify` must *just work*. A difficult installation is our single biggest adoption blocker.
+*   **Action (`auths-python`):** Ensure the CI/CD pipeline uses `maturin build --release` to build and publish binary wheels for all major platforms (manylinux, macOS x86_64/arm64, Windows amd64) to PyPI.
+*   **Action (JS packages):** Ensure the CI/CD pipeline correctly publishes all public `npm` packages (`@auths/verifier-wasm`, `@auths-dev/verify`).
+
+### 4.2. Write the "First Five Minutes" Guide
+*   **Why:** A developer's first impression is formed in the first five minutes. We need a guide that makes them feel successful immediately.
+*   **Action:** Create a "Getting Started" guide that takes a developer from zero to a successful signature verification in under 3 minutes. This guide should use the Python SDK as its primary example.
+
+## Final Go/No-Go Checklist
+
+We are ready to launch v0.1.0 **if and only if** we can answer "Yes" to all of the following:
+- [ ] Is all work in **Phase 1** complete and verified?
+- [ ] Is all work in **Phase 2** complete and verified?
+- [ ] Is all work in **Phase 3** complete and verified?
+- [ ] Does `pip install auths` work on clean installs of macOS, Linux, and Windows without requiring a Rust toolchain?
+- [ ] Do we have a "Getting Started" guide that takes a developer from zero to a successful signature verification in under 3 minutes?
diff --git a/docs/plans/roadmap.md b/docs/plans/roadmap.md
new file mode 100644
index 00000000..9cff0479
--- /dev/null
+++ b/docs/plans/roadmap.md
@@ -0,0 +1,276 @@
+# Auths v0.1.0 Engineering Roadmap
+
+Zero users. No backward compatibility constraints. Break anything, delete anything.
+
+## Priority Order
+
+| # | Epic | What | Blocked by |
+|---|------|------|------------|
+| 1 | Epic 1 | Wire Rust commit verification into Python | — | DONE
+| 2 | Epic 2 | Replace all string-matching error dispatch | — |
+| 3 | Epic 3 | Fix known bugs and code violations | — |
+| 4 | Epic 4 | Lock down public API surface | — |
+| 5 | Epic 5 | Typestate PassphraseProvider | — |
+| 6 | Epic 6 | Python wheels for all platforms | — |
+| 7 | Epic 7 | Decouple widget from local filesystem | — |
+| 8 | Epic 8 | GitHub Action cleanup | — |
+| 9 | Epic 9 | Python SDK types | Epics 1, 2 |
+| 10 | Epic 10 | UMD bundle for CDN | Epic 7 |
+| 11 | Epic 11 | Getting started guide | All above |
+
+
+## Epic 2 — Structured Error Codes Everywhere
+
+Three places use string matching to classify errors. Replace all of them with `AuthsErrorInfo::error_code()` dispatch.
+
+**Task 2.1** — Add `error_code: Option<String>` to `VerificationResult` in `packages/auths-python/src/types.rs` (currently only has `valid` and `error`). Propagate `e.error_code()` from all FFI error paths in `verify.rs` and `sign.rs`.
+
+```rust
+// packages/auths-python/src/types.rs
+
+#[pyclass]
+#[derive(Clone)]
+pub struct VerificationResult {
+    #[pyo3(get)]
+    pub valid: bool,
+    #[pyo3(get)]
+    pub error: Option<String>,
+    #[pyo3(get)]
+    pub error_code: Option<String>,
+}
+```
+
+**Task 2.2** — Delete `_map_verify_error()`, `_map_sign_error()`, and `_map_network_error()` in `_client.py:30-56`. Replace with code-based dispatch. No fallback logic needed — there are no callers relying on the old behavior.
+
+```python
+# packages/auths-python/python/auths/_client.py
+
+_ERROR_CODE_MAP = {
+    "AUTHS_VERIFICATION_ERROR": ("invalid_signature", VerificationError),
+    "AUTHS_MISSING_CAPABILITY": ("missing_capability", VerificationError),
+    "AUTHS_CRYPTO_ERROR": ("invalid_key", CryptoError),
+    "AUTHS_DID_RESOLUTION_ERROR": ("invalid_key", CryptoError),
+    "AUTHS_INVALID_INPUT": ("invalid_signature", VerificationError),
+    "AUTHS_SERIALIZATION_ERROR": ("invalid_signature", VerificationError),
+    "AUTHS_BUNDLE_EXPIRED": ("expired_attestation", VerificationError),
+    "AUTHS_KEY_NOT_FOUND": ("key_not_found", CryptoError),
+    "AUTHS_INCORRECT_PASSPHRASE": ("signing_failed", CryptoError),
+    "AUTHS_SIGNING_FAILED": ("signing_failed", CryptoError),
+}
+
+def _map_error(exc: Exception) -> Exception:
+    code = getattr(exc, "error_code", None)
+    if code and code in _ERROR_CODE_MAP:
+        py_code, cls = _ERROR_CODE_MAP[code]
+        return cls(str(exc), code=py_code)
+    return VerificationError(str(exc), code="unknown")
+```
+
+**Task 2.3** — Fix C FFI string matching in `crates/auths-verifier/src/ffi.rs:206-224` (marked `TECH-DEBT(fn-33)`). Replace substring checks with `e.error_code()` match.
+
+```rust
+// crates/auths-verifier/src/ffi.rs
+
+fn attestation_error_to_code(e: &AttestationError) -> i32 {
+    match e.error_code() {
+        "AUTHS_VERIFICATION_ERROR" => 2,
+        "AUTHS_CRYPTO_ERROR" => 3,
+        "AUTHS_MISSING_CAPABILITY" => 4,
+        "AUTHS_INVALID_INPUT" => 5,
+        "AUTHS_SERIALIZATION_ERROR" => 6,
+        "AUTHS_BUNDLE_EXPIRED" => 7,
+        _ => -1,
+    }
+}
+```
+
+---
+
+## Epic 3 — Bug Fixes and Code Violations
+
+Known bugs that must be fixed before v0.1.0. No epic overlap — these fell through the cracks.
+
+**Task 3.1** — Fix `Utc::now()` violation in `crates/auths-core/src/witness/server.rs:492`. The `submit_event` handler calls `chrono::Utc::now()` directly. Change the function signature to accept `now: DateTime<Utc>` and have the caller inject it.
+
+**Task 3.2** — Replace 7 `anyhow::anyhow!()` calls in `crates/auths-storage/src/git/identity_adapter.rs` (lines 127, 129, 132, 134, 172, 177, 184) with a `StorageError` thiserror enum. Layer 4 crate, `anyhow` is banned.
+
+**Task 3.3** — Fix `__init__.py` import bug. `verify_chain_with_witnesses` is in `__all__` at `packages/auths-python/python/auths/__init__.py:70` but never imported from `_native` (lines 13-29). Add the import if the function exists in the native module, otherwise remove it from `__all__`.
+
+---
+
+## Epic 4 — Seal Public API Surface
+
+Every `pub` symbol in a published crate is a commitment. Clean it up now while there's zero cost to breaking changes.
+
+**Task 4.1** — Make `ports`, `presentation`, and `workflows` modules `pub(crate)` in `crates/auths-sdk/src/lib.rs` (currently `pub` at lines 36, 38, 50). No `#[doc(hidden)]` half-measure — just make them private. The `testing` module is already feature-gated, leave it.
+
+```rust
+// crates/auths-sdk/src/lib.rs
+
+pub mod setup;
+pub mod device;
+pub mod signing;
+pub mod keys;
+pub mod pairing;
+pub mod audit;
+pub mod context;
+pub mod error;
+pub mod result;
+pub mod types;
+
+pub(crate) mod ports;
+pub(crate) mod presentation;
+pub(crate) mod workflows;
+
+#[cfg(any(test, feature = "test-utils"))]
+pub mod testing;
+```
+
+**Task 4.2** — Delete `submit_registration()` and `bind_platform_claim()` stubs in `crates/auths-sdk/src/setup.rs:326-382`. Both always return `None`. They're dead code with no callers outside the SDK. Remove them and their call sites in `setup()`.
+
+**Task 4.3** — Add `cargo-public-api` CI step for `auths-sdk`, `auths-verifier`, and `auths-core`. Check the baseline into `docs/public-api/` so API drift shows up in diffs.
+
+---
+
+## Epic 5 — Typestate PassphraseProvider
+
+`NoopPassphraseProvider` at `crates/auths-sdk/src/context.rs:30` fails at runtime. Make it a compile-time error instead.
+
+**Task 5.1** — Add a 7th typestate slot `PP` to `AuthsContextBuilder` (currently has 6 at `context.rs:129-133`). Split into `AuthsSigningContext` and `AuthsReadContext`. Delete `NoopPassphraseProvider` entirely.
+
+```rust
+pub type AuthsSigningContext = AuthsContext<HasPassphrase>;
+pub type AuthsReadContext = AuthsContext<NoPassphrase>;
+
+pub struct HasPassphrase(Arc<dyn PassphraseProvider + Send + Sync>);
+pub struct NoPassphrase;
+```
+
+**Task 5.2** — Update CLI factories in `crates/auths-cli/src/factories/` to build the right context type per command. Signing commands get `AuthsSigningContext`, read-only commands get `AuthsReadContext`.
+
+**Task 5.3** — Extract shared `build_ffi_context()` in Python FFI. The same builder block is copy-pasted 6 times across `identity.rs`, `rotation.rs`, `device_ext.rs`, `artifact_sign.rs`, `commit_sign.rs`. One function, 6 call sites.
+
+```rust
+// packages/auths-python/src/context_helper.rs
+
+pub fn build_ffi_context(
+    repo_path: &str,
+    passphrase: Option<&str>,
+) -> Result<AuthsContext, anyhow::Error> {
+    let (backend, keychain, clock, id_storage, att_storage) = resolve_ffi_deps(repo_path)?;
+    let provider = resolve_passphrase(passphrase);
+    Ok(AuthsContext::builder()
+        .registry(backend)
+        .key_storage(keychain)
+        .clock(clock)
+        .identity_storage(id_storage)
+        .attestation_sink(att_storage.clone())
+        .attestation_source(att_storage)
+        .passphrase_provider(provider)
+        .build())
+}
+```
+
+---
+
+## Epic 6 — Cross-Platform Python Wheels
+
+`pip install auths` must work without a Rust toolchain on macOS (x86_64/arm64), Linux (manylinux), and Windows (amd64).
+
+**Task 6.1** — Add `publish-python.yml` workflow using `maturin-action` to build wheels for all platforms on tagged releases.
+
+```yaml
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        target: [x86_64, aarch64]
+        exclude:
+          - os: windows-latest
+            target: aarch64
+    steps:
+      - uses: PyO3/maturin-action@v1
+        with:
+          command: build
+          args: --release -m packages/auths-python/Cargo.toml --out dist
+          target: ${{ matrix.target }}
+```
+
+**Task 6.2** — Add smoke test: install the wheel in a clean venv (no Rust), run `from auths import Auths`, and test the `[jwt]` extra since `PyJWT`/`cryptography` have their own platform build issues.
+
+---
+
+## Epic 7 — Decouple Widget from Local Filesystem
+
+The widget can't be built or published without the exact sibling directory layout. Fix that, plus the build bugs found during review.
+
+**Task 7.1** — Publish `@auths/verifier-wasm` as a standalone npm package from `crates/auths-verifier` WASM build. Add `publish-wasm.yml` CI workflow on tagged releases.
+
+**Task 7.2** — Replace `file:../auths/packages/auths-verifier-ts` devDependency and `build:wasm` script in `auths-verify-widget/package.json` with `"@auths/verifier-wasm": "^0.1.0"`. Delete the `prepublishOnly` hook that references the parent repo.
+
+**Task 7.3** — Fix filename mismatch: `vite.config.ts:44` emits `auths-verify` (no extension), `package.json` expects `auths-verify.mjs`. Change Vite `fileName` to include `.mjs`.
+
+**Task 7.4** — Fix WASM type mismatch: `verifier-bridge.ts:16-20` and `wasm.d.ts:9-10` declare WASM functions as returning `string` but they return `Promise<string>`. Fix the types and add `await` at call sites (lines 69, 92).
+
+---
+
+## Epic 8 — GitHub Action Cleanup
+
+The action works but has several bugs and quality gaps.
+
+**Task 8.1** — Pin `auths-version` default to `'0.1.0'` in `action.yml` (currently `''`). Resolve `github-token` in `main.ts` with `core.getInput('github-token') || process.env.GITHUB_TOKEN` since `action.yml` defaults don't evaluate expressions.
+
+**Task 8.2** — Add PR comment deduplication. Currently `main.ts:132-144` creates a new comment on every run. Search for existing comments with a marker and update instead of creating.
+
+```typescript
+const COMMENT_MARKER = '<!-- auths-verify -->';
+
+async function upsertPrComment(octokit, prNumber: number, body: string) {
+  const { data: comments } = await octokit.rest.issues.listComments({
+    ...github.context.repo,
+    issue_number: prNumber,
+  });
+  const existing = comments.find(c => c.body?.includes(COMMENT_MARKER));
+  const markedBody = `${COMMENT_MARKER}\n${body}`;
+  if (existing) {
+    await octokit.rest.issues.updateComment({ ...github.context.repo, comment_id: existing.id, body: markedBody });
+  } else {
+    await octokit.rest.issues.createComment({ ...github.context.repo, issue_number: prNumber, body: markedBody });
+  }
+}
+```
+
+**Task 8.3** — Fix license mismatch: `package.json` says MIT, `LICENSE` file is Apache-2.0. Pick one, update both.
+
+**Task 8.4** — Add tests for `classifyError()` in `src/verifier.ts:28-37`. Zero test coverage on the most fragile function in the action.
+
+**Task 8.5** — Add README workflow examples for identity-bundle mode, allowed-signers mode, and PR comment mode.
+
+---
+
+## Epic 9 — Python SDK Types
+
+Polish the Python-facing types. Low risk, do after the FFI plumbing is stable.
+
+**Task 9.1** — Change `verify()`'s `at` parameter from `str | None` to `datetime | None`. Convert to RFC 3339 internally. No deprecation needed.
+
+**Task 9.2** — Fix `AgentIdentityBundle.attestation_json` — it's always `""` for standalone agents (set in FFI `identity.rs:207`). Change to `Optional[str]`, set to `None` instead of empty string.
+
+---
+
+## Epic 10 — UMD Bundle for CDN
+
+Ship a `<script>` tag drop-in. Depends on Epic 7 (widget decoupled).
+
+**Task 10.1** — Add `vite.config.umd.ts` that builds a UMD bundle with inlined WASM. Register `<auths-verify>` custom element on load.
+
+**Task 10.2** — Add `unpkg` and `jsdelivr` fields to `package.json`, add `./umd` export, add `build:umd` script.
+
+---
+
+## Epic 11 — Getting Started Guide
+
+Write last when APIs are stable.
+
+**Task 11.1** — Create `docs/getting-started.md`: install CLI, create identity, sign commit, verify in Python, verify in browser (widget), verify in CI (GitHub Action). Exact commands and expected output. Under 3 minutes end-to-end.
diff --git a/docs/plans/roadmap_review.md b/docs/plans/roadmap_review.md
new file mode 100644
index 00000000..1c006207
--- /dev/null
+++ b/docs/plans/roadmap_review.md
@@ -0,0 +1,97 @@
+# Roadmap Review
+
+## Overall Assessment
+
+The roadmap is **well-grounded** — every epic addresses a real problem confirmed in the code. The task decomposition is unusually concrete for a planning doc, with code snippets that reference actual file paths and line ranges. That said, there are observations on prioritization, gaps, and a few technical concerns.
+
+---
+
+## Per-Epic Analysis
+
+### Epic 1 (Native Commit Verification)
+
+Strong. This is the highest-leverage change. The Python `git.py` currently subprocess-shells to `ssh-keygen` with temp file I/O for `.sig` and `.dat` files — slow and brittle. The `auths-verifier` crate already has Ed25519 primitives, so adding SSHSIG parsing is a natural extension. One concern: Task-1.2's `CommitVerificationResult` has `valid: bool` + `error: Option<String>` — this repeats the anti-pattern Epic 2 is trying to fix. Use a `Result<VerifiedCommit, CommitVerificationError>` instead, with a typed error enum.
+
+### Epic 2 (Structured FFI Error Codes)
+
+Correct diagnosis. The string-matching pattern in `_client.py` is confirmed fragile, and the same issue exists in the verifier's FFI layer (`auths-verifier/src/ffi.rs:202-224`, marked `TECH-DEBT(fn-33)`). One gap: the roadmap only addresses the Python side but doesn't mention fixing the C FFI in `auths-verifier/src/ffi.rs`, which has the same string-matching problem. Consider adding a Task-2.4 for that.
+
+### Epic 3 (Pythonic Types)
+
+Low risk, high polish. The `at` parameter change from `str` to `datetime` is clean. Task-3.2 (dataclass audit) is mostly already done — `Identity` and `Device` are dataclasses, but `AgentIdentityBundle` has an issue: its `attestation_json` field is always empty string for standalone agents (confirmed in `identity.rs:207`). Should be `Option<str>` / `None`.
+
+### Epic 4 (Typestate PassphraseProvider)
+
+Architecturally elegant and consistent with the existing 6-slot typestate builder. This is the kind of compile-time safety that justifies Rust. The code snippets are accurate — `AuthsContextBuilder` already has the pattern. Worth noting: the Python FFI layer (`identity.rs`, `rotation.rs`, etc.) duplicates `AuthsContext` construction in 5 modules. A shared builder helper should be part of this epic.
+
+### Epic 5 (Seal Public API)
+
+Essential for v0.1.0. The `ports`, `presentation`, and `workflows` modules being public is confirmed. The `testing` module is already behind `#[cfg(any(test, feature = "test-utils"))]` in practice, but `ports` and `workflows` are not `#[doc(hidden)]` yet. Good task.
+
+### Epic 6 (Decouple Widget)
+
+Critical. The `file:../auths/packages/auths-verifier-ts` dependency is confirmed, as is the `cd ../auths/crates/auths-verifier && wasm-pack build` script. Both break in any CI or contributor setup without the exact sibling directory structure. One addition: the widget commits both `wasm/` and `dist/` to git — the roadmap should address whether those committed artifacts remain after the npm package is published.
+
+### Epic 7 (Action Binary Pinning)
+
+Good. The empty default for `auths-version` is confirmed. However, the roadmap's `default: ${{ github.token }}` for `github-token` won't work — `action.yml` defaults don't evaluate expressions. You'd need to resolve this in `main.ts` with `core.getInput('github-token') || process.env.GITHUB_TOKEN`. Also, several additional issues surfaced in the action that aren't covered:
+
+- `classifyError()` uses string matching (same anti-pattern as Epic 2) — no structured error types from the CLI's `--json` output
+- PR comments pile up with no deduplication/update logic
+- License mismatch: `package.json` says MIT, `LICENSE` file is Apache-2.0
+- `classifyError` has zero test coverage
+
+### Epic 8 (Cross-Platform Wheels)
+
+Correct and necessary. The `maturin-action` matrix is well-specified. One note: the `auths-python` crate is a standalone workspace (not part of the main workspace), so the `-m packages/auths-python/Cargo.toml` path in the snippet is correct. The smoke test in Task-8.2 should also test the `[jwt]` optional extra since it pulls in `PyJWT` and `cryptography` (which has its own platform build complexities).
+
+### Epic 9 (UMD Bundle)
+
+Nice to have for CDN adoption. The inline WASM pattern already works for the ESM full bundle (~615KB). A UMD variant is straightforward with Vite's library mode. One concern: the widget has a filename mismatch (package.json says `.mjs`, Vite emits without extension, CI checks for `.js`) — fix this before adding another build target.
+
+### Epic 10 (Getting Started Guide)
+
+Good for launch. The snippets are clean and realistic. Consider adding a "Verify in a browser" section using the `<auths-verify>` widget since that's an impressive zero-install demo.
+
+---
+
+## What's Missing
+
+1. **The `Utc::now()` violation in `auths-core/src/witness/server.rs:492`** — Production code calling `Utc::now()` directly, violating the clock injection rule. Not covered by any epic.
+
+2. **`anyhow` in `auths-storage/src/git/identity_adapter.rs`** — This Layer 4 crate uses `anyhow::anyhow!()` where it should use `thiserror`. The `CLAUDE.md` rule is explicit. Not covered.
+
+3. **Python `__init__.py` import bug** — `verify_chain_with_witnesses` is in `__all__` but not imported at the top level. `from auths import verify_chain_with_witnesses` raises `NameError`. This is a real bug that should be fixed before v0.1.0.
+
+4. **`AuthsContext` duplication in Python FFI** — The same 15-20 line context construction block is copy-pasted across 5 Rust modules (`identity.rs`, `rotation.rs`, `device_ext.rs`, `artifact_sign.rs`, `commit_sign.rs`). Epic 4 is a natural place to address this.
+
+5. **Widget WASM type mismatch** — `verifier-bridge.ts` declares WASM functions as synchronous (`string` return), but the actual wasm-pack output returns `Promise<string>`. Latent type-safety gap.
+
+6. **Action `classifyError` has no tests** — The most fragile function in the action codebase has zero test coverage.
+
+7. **`submit_registration` and `bind_platform_claim` in `auths-sdk/src/setup.rs` are stubs** — Both always return `None`. If v0.1.0 is supposed to support registry registration or platform OIDC claims, these need implementation. If not, they should be removed or clearly documented as future work.
+
+---
+
+## Suggested Priority Order
+
+The roadmap doesn't specify ordering. Suggested sequence:
+
+| Priority | Epic | Rationale |
+|----------|------|-----------|
+| 1 | Epic 1 | Highest user-facing impact — eliminates `ssh-keygen` subprocess dependency |
+| 2 | Epic 2 | Fixes fragility that Epic 1 would otherwise inherit |
+| 3 | Epic 5 | Must happen before any published crate — API stability commitment |
+| 4 | Epic 8 | Blocks Python SDK distribution — no users without wheels |
+| 5 | Epic 6 | Blocks widget distribution — can't publish without decoupled WASM |
+| 6 | Epic 4 | Correctness improvement, can be done in parallel |
+| 7 | Epic 7 | Action polish, lower urgency |
+| 8 | Epic 3 | Python DX polish, low risk |
+| 9 | Epic 9 | Nice to have, extends Epic 6 |
+| 10 | Epic 10 | Write last when the APIs are stable |
+
+---
+
+## Summary
+
+The roadmap is solid engineering work — concrete, well-scoped, and grounded in real code. The main gaps are: a few known bugs not covered by any epic (the `__init__.py` import, the `Utc::now()` violation, the `anyhow` in storage), the action's string-matching fragility mirroring Epic 2's problem, and some stub functions in the SDK that need a decision (ship or remove). The priority ordering matters — Epics 1, 2, 5, and 8 are gate-keeping v0.1.0 and should be sequenced first.
diff --git a/packages/auths-python/python/auths/_client.py b/packages/auths-python/python/auths/_client.py
index fd2e65b4..cece0cfd 100644
--- a/packages/auths-python/python/auths/_client.py
+++ b/packages/auths-python/python/auths/_client.py
@@ -27,24 +27,40 @@
     from auths.verify import WitnessConfig
 
 
-def _map_verify_error(exc: Exception) -> Exception:
+_ERROR_CODE_MAP = {
+    "AUTHS_ISSUER_SIG_FAILED": ("invalid_signature", VerificationError),
+    "AUTHS_DEVICE_SIG_FAILED": ("invalid_signature", VerificationError),
+    "AUTHS_ATTESTATION_EXPIRED": ("expired_attestation", VerificationError),
+    "AUTHS_ATTESTATION_REVOKED": ("revoked_device", VerificationError),
+    "AUTHS_TIMESTAMP_IN_FUTURE": ("future_timestamp", VerificationError),
+    "AUTHS_MISSING_CAPABILITY": ("missing_capability", VerificationError),
+    "AUTHS_CRYPTO_ERROR": ("invalid_key", CryptoError),
+    "AUTHS_DID_RESOLUTION_ERROR": ("invalid_key", CryptoError),
+    "AUTHS_INVALID_INPUT": ("invalid_signature", VerificationError),
+    "AUTHS_SERIALIZATION_ERROR": ("invalid_signature", VerificationError),
+    "AUTHS_BUNDLE_EXPIRED": ("expired_attestation", VerificationError),
+    "AUTHS_KEY_NOT_FOUND": ("key_not_found", CryptoError),
+    "AUTHS_INCORRECT_PASSPHRASE": ("signing_failed", CryptoError),
+    "AUTHS_SIGNING_FAILED": ("signing_failed", CryptoError),
+    "AUTHS_SIGNING_ERROR": ("signing_failed", CryptoError),
+    "AUTHS_INPUT_TOO_LARGE": ("invalid_signature", VerificationError),
+    "AUTHS_INTERNAL_ERROR": ("unknown", VerificationError),
+    "AUTHS_ORG_VERIFICATION_FAILED": ("invalid_signature", VerificationError),
+    "AUTHS_ORG_ATTESTATION_EXPIRED": ("expired_attestation", VerificationError),
+    "AUTHS_ORG_DID_RESOLUTION_FAILED": ("invalid_key", CryptoError),
+}
+
+
+def _map_error(exc: Exception, *, default_cls: type = VerificationError) -> Exception:
     msg = str(exc)
-    if "public key" in msg.lower() or "hex" in msg.lower():
-        return CryptoError(msg, code="invalid_key")
-    if "rfc 3339" in msg.lower():
-        return VerificationError(msg, code="invalid_timestamp")
-    if "future" in msg.lower() and "timestamp" in msg.lower():
-        return VerificationError(msg, code="future_timestamp")
-    if "parse" in msg.lower() or "json" in msg.lower():
-        return VerificationError(msg, code="invalid_signature")
-    return VerificationError(msg, code="invalid_signature")
-
-
-def _map_sign_error(exc: Exception) -> Exception:
-    msg = str(exc)
-    if "key" in msg.lower():
-        return CryptoError(msg, code="invalid_key")
-    return CryptoError(msg, code="signing_failed")
+    code = None
+    if msg.startswith("[AUTHS_") and "] " in msg:
+        code = msg[1:msg.index("]")]
+        msg = msg[msg.index("] ") + 2:]
+    if code and code in _ERROR_CODE_MAP:
+        py_code, cls = _ERROR_CODE_MAP[code]
+        return cls(msg, code=py_code)
+    return default_cls(msg, code="unknown")
 
 
 def _map_network_error(exc: Exception) -> Exception:
@@ -110,7 +126,7 @@ def verify(
                 )
             return _verify_attestation(attestation_json, issuer_key)
         except (ValueError, RuntimeError) as exc:
-            raise _map_verify_error(exc) from exc
+            raise _map_error(exc) from exc
 
     def verify_chain(
         self,
@@ -146,7 +162,7 @@ def verify_chain(
                 )
             return _verify_chain(attestations, root_key)
         except (ValueError, RuntimeError) as exc:
-            raise _map_verify_error(exc) from exc
+            raise _map_error(exc) from exc
 
     def verify_device(
         self,
@@ -161,14 +177,14 @@ def verify_device(
                 identity_did, device_did, attestations, identity_key
             )
         except (ValueError, RuntimeError) as exc:
-            raise _map_verify_error(exc) from exc
+            raise _map_error(exc) from exc
 
     def sign(self, message: bytes, private_key: str) -> str:
         """Sign raw bytes. Returns hex-encoded signature."""
         try:
             return _sign_bytes(private_key, message)
         except (ValueError, RuntimeError) as exc:
-            raise _map_sign_error(exc) from exc
+            raise _map_error(exc, default_cls=CryptoError) from exc
 
     def sign_action(
         self,
@@ -181,14 +197,14 @@ def sign_action(
         try:
             return _sign_action(private_key, action_type, payload, identity_did)
         except (ValueError, RuntimeError) as exc:
-            raise _map_sign_error(exc) from exc
+            raise _map_error(exc, default_cls=CryptoError) from exc
 
     def verify_action(self, envelope_json: str, public_key: str) -> VerificationResult:
         """Verify an action envelope signature."""
         try:
             return _verify_action_envelope(envelope_json, public_key)
         except (ValueError, RuntimeError) as exc:
-            raise _map_verify_error(exc) from exc
+            raise _map_error(exc) from exc
 
     def sign_as(
         self,
@@ -213,7 +229,7 @@ def sign_as(
         try:
             return sign_as_identity(message, identity, self.repo_path, pp)
         except (ValueError, RuntimeError) as exc:
-            raise _map_sign_error(exc) from exc
+            raise _map_error(exc, default_cls=CryptoError) from exc
 
     def sign_action_as(
         self,
@@ -241,7 +257,7 @@ def sign_action_as(
                 action_type, payload, identity, self.repo_path, pp
             )
         except (ValueError, RuntimeError) as exc:
-            raise _map_sign_error(exc) from exc
+            raise _map_error(exc, default_cls=CryptoError) from exc
 
     def sign_commit(
         self,
@@ -277,7 +293,7 @@ def sign_commit(
                 namespace=raw.namespace,
             )
         except (ValueError, RuntimeError) as exc:
-            raise _map_sign_error(exc) from exc
+            raise _map_error(exc, default_cls=CryptoError) from exc
 
     def sign_artifact(
         self,
@@ -318,7 +334,7 @@ def sign_artifact(
         except FileNotFoundError:
             raise
         except (ValueError, RuntimeError) as exc:
-            raise _map_sign_error(exc) from exc
+            raise _map_error(exc, default_cls=CryptoError) from exc
 
     def sign_artifact_bytes(
         self,
@@ -357,7 +373,7 @@ def sign_artifact_bytes(
                 file_size=raw.file_size,
             )
         except (ValueError, RuntimeError) as exc:
-            raise _map_sign_error(exc) from exc
+            raise _map_error(exc, default_cls=CryptoError) from exc
 
     def publish_artifact(
         self,
@@ -396,7 +412,7 @@ def publish_artifact(
                 raise StorageError(msg, code="duplicate_attestation") from exc
             if "verification_failed" in msg:
                 raise VerificationError(msg, code="verification_failed") from exc
-            raise _map_network_error(exc) from exc
+            raise _map_error(exc) from exc
 
     def get_token(
         self,
diff --git a/packages/auths-python/src/commit_sign.rs b/packages/auths-python/src/commit_sign.rs
index 11db2b9a..a3b7bd65 100644
--- a/packages/auths-python/src/commit_sign.rs
+++ b/packages/auths-python/src/commit_sign.rs
@@ -80,6 +80,7 @@ pub fn sign_commit(
         agent_signing: Arc::new(auths_sdk::ports::agent::NoopAgentProvider),
     };
 
+    #[allow(clippy::disallowed_methods)] // Presentation boundary
     let now = chrono::Utc::now();
 
     py.allow_threads(move || {
diff --git a/packages/auths-python/src/identity.rs b/packages/auths-python/src/identity.rs
index 69486735..a2ff5276 100644
--- a/packages/auths-python/src/identity.rs
+++ b/packages/auths-python/src/identity.rs
@@ -26,6 +26,7 @@ use pyo3::prelude::*;
 use ring::rand::SystemRandom;
 use ring::signature::{Ed25519KeyPair, KeyPair};
 
+#[allow(clippy::disallowed_methods)] // Presentation boundary: env var read is intentional
 pub(crate) fn resolve_passphrase(passphrase: Option<String>) -> String {
     passphrase.unwrap_or_else(|| std::env::var("AUTHS_PASSPHRASE").unwrap_or_default())
 }
@@ -39,8 +40,6 @@ pub(crate) fn make_keychain_config(passphrase: &str) -> EnvironmentConfig {
             passphrase: Some(passphrase.to_string()),
         },
         ssh_agent_socket: None,
-        #[cfg(feature = "keychain-pkcs11")]
-        pkcs11: None,
     }
 }
 
diff --git a/packages/auths-python/src/identity_sign.rs b/packages/auths-python/src/identity_sign.rs
index 24f96df4..4d8c22c9 100644
--- a/packages/auths-python/src/identity_sign.rs
+++ b/packages/auths-python/src/identity_sign.rs
@@ -12,6 +12,7 @@ fn make_signer(
     StorageSigner<Box<dyn auths_core::storage::keychain::KeyStorage + Send + Sync>>,
     PrefilledPassphraseProvider,
 )> {
+    #[allow(clippy::disallowed_methods)] // Presentation boundary: env var read is intentional
     let passphrase_str =
         passphrase.unwrap_or_else(|| std::env::var("AUTHS_PASSPHRASE").unwrap_or_default());
     let env_config = EnvironmentConfig {
@@ -22,8 +23,6 @@ fn make_signer(
             passphrase: Some(passphrase_str.clone()),
         },
         ssh_agent_socket: None,
-        #[cfg(feature = "keychain-pkcs11")]
-        pkcs11: None,
     };
 
     let keychain = get_platform_keychain_with_config(&env_config)
@@ -104,6 +103,7 @@ pub fn sign_action_as_identity(
         pyo3::exceptions::PyValueError::new_err(format!("Invalid payload JSON: {e}"))
     })?;
 
+    #[allow(clippy::disallowed_methods)] // Presentation boundary
     let timestamp = chrono::Utc::now().to_rfc3339_opts(chrono::SecondsFormat::Secs, true);
 
     let signing_data = serde_json::json!({
diff --git a/packages/auths-python/src/policy.rs b/packages/auths-python/src/policy.rs
index eb641347..fff0fdde 100644
--- a/packages/auths-python/src/policy.rs
+++ b/packages/auths-python/src/policy.rs
@@ -44,6 +44,7 @@ pub struct PyEvalContext {
 impl PyEvalContext {
     #[new]
     #[pyo3(signature = (issuer, subject, *, capabilities=None, role=None, revoked=false, expires_at=None, repo=None, environment=None, signer_type=None, delegated_by=None, chain_depth=None))]
+    #[allow(clippy::too_many_arguments)] // PyO3 constructor mirrors Python kwargs
     fn new(
         issuer: &str,
         subject: &str,
@@ -62,7 +63,9 @@ impl PyEvalContext {
         let subject_did = CanonicalDid::parse(subject)
             .map_err(|e| PyValueError::new_err(format!("Invalid subject DID: {e}")))?;
 
-        let mut ctx = EvalContext::new(Utc::now(), issuer_did, subject_did).revoked(revoked);
+        #[allow(clippy::disallowed_methods)] // Presentation boundary
+        let now = Utc::now();
+        let mut ctx = EvalContext::new(now, issuer_did, subject_did).revoked(revoked);
 
         if let Some(caps) = capabilities {
             for cap_str in &caps {
diff --git a/packages/auths-python/src/sign.rs b/packages/auths-python/src/sign.rs
index 9fa8937c..73b13f53 100644
--- a/packages/auths-python/src/sign.rs
+++ b/packages/auths-python/src/sign.rs
@@ -72,6 +72,7 @@ pub fn sign_action(
     let payload: serde_json::Value = serde_json::from_str(payload_json)
         .map_err(|e| PyValueError::new_err(format!("Invalid payload JSON: {e}")))?;
 
+    #[allow(clippy::disallowed_methods)] // Presentation boundary
     let timestamp = chrono::Utc::now().to_rfc3339_opts(chrono::SecondsFormat::Secs, true);
 
     let signing_data = serde_json::json!({
@@ -148,6 +149,7 @@ pub fn verify_action_envelope(
         return Ok(VerificationResult {
             valid: false,
             error: Some(format!("Unsupported version: {version}")),
+            error_code: Some("AUTHS_INVALID_INPUT".to_string()),
         });
     }
 
@@ -175,10 +177,12 @@ pub fn verify_action_envelope(
         Ok(()) => Ok(VerificationResult {
             valid: true,
             error: None,
+            error_code: None,
         }),
         Err(_) => Ok(VerificationResult {
             valid: false,
             error: Some("Ed25519 signature verification failed".to_string()),
+            error_code: Some("AUTHS_ISSUER_SIG_FAILED".to_string()),
         }),
     }
 }
diff --git a/packages/auths-python/src/types.rs b/packages/auths-python/src/types.rs
index 13aac94a..db0a417c 100644
--- a/packages/auths-python/src/types.rs
+++ b/packages/auths-python/src/types.rs
@@ -11,6 +11,8 @@ pub struct VerificationResult {
     pub valid: bool,
     #[pyo3(get)]
     pub error: Option<String>,
+    #[pyo3(get)]
+    pub error_code: Option<String>,
 }
 
 #[pymethods]
@@ -18,6 +20,12 @@ impl VerificationResult {
     fn __repr__(&self) -> String {
         if self.valid {
             "VerificationResult(valid=True)".to_string()
+        } else if let Some(code) = &self.error_code {
+            format!(
+                "VerificationResult(valid=False, error={:?}, error_code={:?})",
+                self.error.as_deref().unwrap_or("None"),
+                code
+            )
         } else {
             format!(
                 "VerificationResult(valid=False, error={:?})",
diff --git a/packages/auths-python/src/verify.rs b/packages/auths-python/src/verify.rs
index 17612f48..2ffe9485 100644
--- a/packages/auths-python/src/verify.rs
+++ b/packages/auths-python/src/verify.rs
@@ -1,6 +1,7 @@
 use auths_verifier::core::{
     Attestation, Capability, MAX_ATTESTATION_JSON_SIZE, MAX_JSON_BATCH_SIZE,
 };
+use auths_verifier::error::AuthsErrorInfo;
 use auths_verifier::types::DeviceDID;
 use auths_verifier::verify::{
     verify_at_time as rust_verify_at_time, verify_chain as rust_verify_chain,
@@ -57,6 +58,7 @@ pub fn verify_attestation(
             return Ok(VerificationResult {
                 valid: false,
                 error: Some(format!("Failed to parse attestation JSON: {e}")),
+                error_code: Some("AUTHS_SERIALIZATION_ERROR".to_string()),
             });
         }
     };
@@ -66,9 +68,11 @@ pub fn verify_attestation(
             Ok(_) => Ok(VerificationResult {
                 valid: true,
                 error: None,
+                error_code: None,
             }),
             Err(e) => Ok(VerificationResult {
                 valid: false,
+                error_code: Some(e.error_code().to_string()),
                 error: Some(e.to_string()),
             }),
         },
@@ -121,7 +125,8 @@ pub fn verify_chain(
         match runtime().block_on(rust_verify_chain(&attestations, &root_pk_bytes)) {
             Ok(report) => Ok(report.into()),
             Err(e) => Err(PyRuntimeError::new_err(format!(
-                "Chain verification failed: {e}"
+                "[{}] Chain verification failed: {e}",
+                e.error_code()
             ))),
         }
     })
@@ -184,7 +189,8 @@ pub fn verify_device_authorization(
         )) {
             Ok(report) => Ok(report.into()),
             Err(e) => Err(PyRuntimeError::new_err(format!(
-                "Device authorization verification failed: {e}"
+                "[{}] Device authorization verification failed: {e}",
+                e.error_code()
             ))),
         }
     })
@@ -232,6 +238,7 @@ pub fn verify_attestation_with_capability(
             return Ok(VerificationResult {
                 valid: false,
                 error: Some(format!("Failed to parse attestation JSON: {e}")),
+                error_code: Some("AUTHS_SERIALIZATION_ERROR".to_string()),
             });
         }
     };
@@ -245,9 +252,11 @@ pub fn verify_attestation_with_capability(
             Ok(_) => Ok(VerificationResult {
                 valid: true,
                 error: None,
+                error_code: None,
             }),
             Err(e) => Ok(VerificationResult {
                 valid: false,
+                error_code: Some(e.error_code().to_string()),
                 error: Some(e.to_string()),
             }),
         }
@@ -310,7 +319,8 @@ pub fn verify_chain_with_capability(
         )) {
             Ok(report) => Ok(report.into()),
             Err(e) => Err(PyRuntimeError::new_err(format!(
-                "Chain verification with capability failed: {e}"
+                "[{}] Chain verification with capability failed: {e}",
+                e.error_code()
             ))),
         }
     })
@@ -332,6 +342,7 @@ fn parse_rfc3339_timestamp(at_rfc3339: &str) -> PyResult<DateTime<Utc>> {
         }
     })?;
 
+    #[allow(clippy::disallowed_methods)] // Presentation boundary
     let now = Utc::now();
     let skew_tolerance = chrono::Duration::seconds(60);
     if at > now + skew_tolerance {
@@ -393,6 +404,7 @@ pub fn verify_at_time(
             return Ok(VerificationResult {
                 valid: false,
                 error: Some(format!("Failed to parse attestation JSON: {e}")),
+                error_code: Some("AUTHS_SERIALIZATION_ERROR".to_string()),
             });
         }
     };
@@ -402,9 +414,11 @@ pub fn verify_at_time(
             Ok(_) => Ok(VerificationResult {
                 valid: true,
                 error: None,
+                error_code: None,
             }),
             Err(e) => Ok(VerificationResult {
                 valid: false,
+                error_code: Some(e.error_code().to_string()),
                 error: Some(e.to_string()),
             }),
         },
@@ -440,6 +454,7 @@ pub fn verify_at_time_with_capability(
             return Ok(VerificationResult {
                 valid: false,
                 error: Some(format!("Failed to parse attestation JSON: {e}")),
+                error_code: Some("AUTHS_SERIALIZATION_ERROR".to_string()),
             });
         }
     };
@@ -455,6 +470,7 @@ pub fn verify_at_time_with_capability(
                     Ok(VerificationResult {
                         valid: true,
                         error: None,
+                        error_code: None,
                     })
                 } else {
                     Ok(VerificationResult {
@@ -462,11 +478,13 @@ pub fn verify_at_time_with_capability(
                         error: Some(format!(
                             "Attestation does not grant required capability '{required_capability}'"
                         )),
+                        error_code: Some("AUTHS_MISSING_CAPABILITY".to_string()),
                     })
                 }
             }
             Err(e) => Ok(VerificationResult {
                 valid: false,
+                error_code: Some(e.error_code().to_string()),
                 error: Some(e.to_string()),
             }),
         },
@@ -570,7 +588,8 @@ pub fn verify_chain_with_witnesses(
         )) {
             Ok(report) => Ok(report.into()),
             Err(e) => Err(PyRuntimeError::new_err(format!(
-                "Chain verification with witnesses failed: {e}"
+                "[{}] Chain verification with witnesses failed: {e}",
+                e.error_code()
             ))),
         }
     })