diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index acc4b0b..44d2add 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -72,7 +72,7 @@ jobs:
       - name: Run pip-audit
         run: |
           cd sdk/python
-          pip-audit --strict --desc
+          pip-audit --desc --skip-editable
 
       - name: License compliance check
         run: |
diff --git a/sdk/python/cryptoserve/__init__.py b/sdk/python/cryptoserve/__init__.py
index cdb675e..646a719 100644
--- a/sdk/python/cryptoserve/__init__.py
+++ b/sdk/python/cryptoserve/__init__.py
@@ -33,6 +33,7 @@
     cryptoserve-client  - API client only
     cryptoserve-auto    - Auto-protect for third-party libraries
 """
+from __future__ import annotations
 
 # Re-export from sub-packages for convenience
 from cryptoserve_client import CryptoClient
diff --git a/sdk/python/cryptoserve/__main__.py b/sdk/python/cryptoserve/__main__.py
index 79b1597..e61cafa 100644
--- a/sdk/python/cryptoserve/__main__.py
+++ b/sdk/python/cryptoserve/__main__.py
@@ -43,6 +43,8 @@
     cryptoserve token --key my-key --payload '{}'  # Create JWT token
 """
 
+from __future__ import annotations
+
 import os
 import sys
 import json
@@ -150,10 +152,11 @@ def _validate_server_url(url: str) -> str:
 
     try:
         ip = ipaddress.ip_address(hostname)
+    except ValueError:
+        pass  # Not an IP literal — hostname is fine
+    else:
         if ip.is_link_local:
             raise ValueError(f"Blocked URL — link-local address: {hostname}")
-    except ValueError:
-        pass  # Not an IP, hostname is fine
 
     return url.rstrip("/")
 
diff --git a/sdk/python/cryptoserve/_auto_register.py b/sdk/python/cryptoserve/_auto_register.py
index 9757eea..c7991ee 100644
--- a/sdk/python/cryptoserve/_auto_register.py
+++ b/sdk/python/cryptoserve/_auto_register.py
@@ -11,6 +11,7 @@
 - Automatic cache invalidation on key rotation
 - Local mode: full SDK API without server (no network required)
 """
+from __future__ import annotations
 
 import hashlib
 import hmac as hmac_mod
diff --git a/sdk/python/cryptoserve/_binary_manager.py b/sdk/python/cryptoserve/_binary_manager.py
index 8958015..fa8fb03 100644
--- a/sdk/python/cryptoserve/_binary_manager.py
+++ b/sdk/python/cryptoserve/_binary_manager.py
@@ -5,6 +5,8 @@
 Uses only stdlib (urllib.request) to avoid adding dependencies.
 """
 
+from __future__ import annotations
+
 import hashlib
 import json
 import os
diff --git a/sdk/python/cryptoserve/_cli_style.py b/sdk/python/cryptoserve/_cli_style.py
index 60c5bc0..cb3f2f1 100644
--- a/sdk/python/cryptoserve/_cli_style.py
+++ b/sdk/python/cryptoserve/_cli_style.py
@@ -3,6 +3,8 @@
 Provides consistent, enterprise-grade terminal output styling.
 """
 
+from __future__ import annotations
+
 import os
 import sys
 
diff --git a/sdk/python/cryptoserve/_credentials.py b/sdk/python/cryptoserve/_credentials.py
index 15db816..05b3e32 100644
--- a/sdk/python/cryptoserve/_credentials.py
+++ b/sdk/python/cryptoserve/_credentials.py
@@ -5,6 +5,8 @@
 Credentials are stored per-app per-environment in ~/.cryptoserve/apps/
 """
 
+from __future__ import annotations
+
 import json
 import os
 from typing import Optional
diff --git a/sdk/python/cryptoserve/_gate.py b/sdk/python/cryptoserve/_gate.py
index 5f4d67b..984bfd3 100644
--- a/sdk/python/cryptoserve/_gate.py
+++ b/sdk/python/cryptoserve/_gate.py
@@ -4,6 +4,7 @@
 Scans source files for cryptographic usage and applies policies.
 Works offline without server connection.
 """
+from __future__ import annotations
 
 import os
 import re
diff --git a/sdk/python/cryptoserve/_policies.py b/sdk/python/cryptoserve/_policies.py
index 8c0814d..e78ba19 100644
--- a/sdk/python/cryptoserve/_policies.py
+++ b/sdk/python/cryptoserve/_policies.py
@@ -5,6 +5,7 @@
 Supports policy presets (strict, standard, permissive) and
 custom configuration via .cryptoserve.yml.
 """
+from __future__ import annotations
 
 from dataclasses import dataclass, field
 from enum import Enum
diff --git a/sdk/python/cryptoserve/fastapi.py b/sdk/python/cryptoserve/fastapi.py
index e398769..4ee5ff2 100644
--- a/sdk/python/cryptoserve/fastapi.py
+++ b/sdk/python/cryptoserve/fastapi.py
@@ -34,6 +34,7 @@ class UserCreate(BaseModel):
         email: str
         ssn: str
 """
+from __future__ import annotations
 
 from typing import Any, Callable, Type, TypeVar, get_type_hints, TYPE_CHECKING
 from functools import wraps
diff --git a/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/config.py b/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/config.py
index 39f35f0..87ca883 100644
--- a/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/config.py
+++ b/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/config.py
@@ -1,6 +1,7 @@
 """
 Configuration for Auto-Protect.
 """
+from __future__ import annotations
 
 from dataclasses import dataclass, field
 from enum import Enum
diff --git a/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/detectors/detector.py b/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/detectors/detector.py
index c1a2f5b..85d6df1 100644
--- a/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/detectors/detector.py
+++ b/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/detectors/detector.py
@@ -1,6 +1,7 @@
 """
 Sensitive field detection logic.
 """
+from __future__ import annotations
 
 import re
 from dataclasses import dataclass
diff --git a/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/interceptor.py b/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/interceptor.py
index 00d5f67..fc79027 100644
--- a/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/interceptor.py
+++ b/sdk/python/packages/cryptoserve-auto/cryptoserve_auto/interceptor.py
@@ -1,6 +1,7 @@
 """
 Library interception and auto-protection.
 """
+from __future__ import annotations
 
 import threading
 from contextlib import contextmanager
diff --git a/sdk/python/packages/cryptoserve-client/cryptoserve_client/async_client.py b/sdk/python/packages/cryptoserve-client/cryptoserve_client/async_client.py
index 465e9be..a8dd980 100644
--- a/sdk/python/packages/cryptoserve-client/cryptoserve_client/async_client.py
+++ b/sdk/python/packages/cryptoserve-client/cryptoserve_client/async_client.py
@@ -3,6 +3,7 @@
 
 Requires httpx: pip install cryptoserve-client[async]
 """
+from __future__ import annotations
 
 import base64
 from typing import Any
diff --git a/sdk/python/packages/cryptoserve-client/cryptoserve_client/client.py b/sdk/python/packages/cryptoserve-client/cryptoserve_client/client.py
index 48b47c9..f93c199 100644
--- a/sdk/python/packages/cryptoserve-client/cryptoserve_client/client.py
+++ b/sdk/python/packages/cryptoserve-client/cryptoserve_client/client.py
@@ -10,6 +10,7 @@
 - Circuit breaker for fault tolerance
 - Batch operations for bulk processing
 """
+from __future__ import annotations
 
 import base64
 import json
diff --git a/sdk/python/packages/cryptoserve-client/cryptoserve_client/errors.py b/sdk/python/packages/cryptoserve-client/cryptoserve_client/errors.py
index bc72e49..5051a64 100644
--- a/sdk/python/packages/cryptoserve-client/cryptoserve_client/errors.py
+++ b/sdk/python/packages/cryptoserve-client/cryptoserve_client/errors.py
@@ -1,6 +1,7 @@
 """
 Exception classes for CryptoServe Client.
 """
+from __future__ import annotations
 
 
 class CryptoServeError(Exception):
diff --git a/sdk/python/packages/cryptoserve-client/cryptoserve_client/resilience.py b/sdk/python/packages/cryptoserve-client/cryptoserve_client/resilience.py
index 4db0dfd..cd174c5 100644
--- a/sdk/python/packages/cryptoserve-client/cryptoserve_client/resilience.py
+++ b/sdk/python/packages/cryptoserve-client/cryptoserve_client/resilience.py
@@ -6,6 +6,7 @@
 - Batch operations for bulk encryption/decryption
 - Request timeout handling
 """
+from __future__ import annotations
 
 import random
 import threading
diff --git a/sdk/python/packages/cryptoserve-core/cryptoserve_core/ciphers.py b/sdk/python/packages/cryptoserve-core/cryptoserve_core/ciphers.py
index 28b19ee..617a0e3 100644
--- a/sdk/python/packages/cryptoserve-core/cryptoserve_core/ciphers.py
+++ b/sdk/python/packages/cryptoserve-core/cryptoserve_core/ciphers.py
@@ -3,6 +3,7 @@
 
 Provides AES-256-GCM and ChaCha20-Poly1305 encryption.
 """
+from __future__ import annotations
 
 import os
 from typing import Tuple
diff --git a/sdk/python/packages/cryptoserve-core/cryptoserve_core/keys.py b/sdk/python/packages/cryptoserve-core/cryptoserve_core/keys.py
index 9506252..6c145c3 100644
--- a/sdk/python/packages/cryptoserve-core/cryptoserve_core/keys.py
+++ b/sdk/python/packages/cryptoserve-core/cryptoserve_core/keys.py
@@ -1,6 +1,7 @@
 """
 Key derivation and management utilities.
 """
+from __future__ import annotations
 
 import os
 import hashlib
diff --git a/sdk/python/packages/cryptoserve-core/cryptoserve_core/passwords.py b/sdk/python/packages/cryptoserve-core/cryptoserve_core/passwords.py
index 476fc23..96d6eb3 100644
--- a/sdk/python/packages/cryptoserve-core/cryptoserve_core/passwords.py
+++ b/sdk/python/packages/cryptoserve-core/cryptoserve_core/passwords.py
@@ -8,6 +8,8 @@
     $algorithm$params$salt_b64$hash_b64
 """
 
+from __future__ import annotations
+
 import base64
 import hashlib
 import hmac