Perfect. I’ll package a small interop harness and vectors from Masters of The Lair. Core checks:

- KDF binds to group id + epoch + purpose body vs thumb

- Deterministic nonce schedule uniqueness via exporter

- Cross group replay of Blossom pointers fails

- Ciphertext length padding to limit leaks

- Member removal breaks old media decrypt

- Chunking and fetch policy to avoid HEAD and timing leaks

Happy to submit as a PR to Marmot and MIP-04 or share a gist. What’s your preferred route?