diff --git a/.story_kit/work/1_upcoming/194_story_enable_matrix_e2ee_with_cross_signing_verification_on_bot.md b/.story_kit/work/1_upcoming/194_story_enable_matrix_e2ee_with_cross_signing_verification_on_bot.md
new file mode 100644
index 0000000..9da3288
--- /dev/null
+++ b/.story_kit/work/1_upcoming/194_story_enable_matrix_e2ee_with_cross_signing_verification_on_bot.md
@@ -0,0 +1,23 @@
+---
+name: "Enable Matrix E2EE with cross-signing verification on bot"
+---
+
+# Story 194: Enable Matrix E2EE with cross-signing verification on bot
+
+## User Story
+
+As a project operator, I want the Matrix bot to verify message senders cryptographically via E2EE cross-signing, so that a compromised Conduit server cannot spoof allowed users and execute commands through the bot.
+
+## Acceptance Criteria
+
+- [ ] Enable `e2e-encryption` feature on `matrix-sdk` in workspace Cargo.toml
+- [ ] Bot persists crypto state (device keys, cross-signing keys) in the existing SQLite store at `.story_kit/matrix_store/`
+- [ ] Bot rejects messages from unverified devices in encrypted rooms
+- [ ] Bot logs a clear warning when it receives a message from an unverified device
+- [ ] One-time cross-signing verification flow works between an Element client and the bot (e.g. emoji SAS)
+- [ ] Add `require_verified_devices` boolean to `bot.toml` config (default: false) so E2EE verification can be opted into without breaking existing setups
+- [ ] Existing plaintext-room behavior is preserved when `require_verified_devices = false`
+
+## Out of Scope
+
+- TBD