diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml
index 50f293e9..0267a22a 100644
--- a/.github/workflows/xtest.yml
+++ b/.github/workflows/xtest.yml
@@ -524,6 +524,7 @@ jobs:
         working-directory: otdftests/xtest
         env:
           PLATFORM_TAG: ${{ matrix.platform-tag }}
+          OTDFCTL_HEADS: ${{ steps.configure-go.outputs.heads }}
 
       - name: Validate otdf-local integration tests
         if: ${{ !inputs }}
@@ -543,6 +544,7 @@ jobs:
         env:
           PLATFORM_DIR: "../../${{ steps.run-platform.outputs.platform-working-dir }}"
           PLATFORM_TAG: ${{ matrix.platform-tag }}
+          OTDFCTL_HEADS: ${{ steps.configure-go.outputs.heads }}
 
       - name: Run all standard xtests
         if: ${{ env.FOCUS_SDK == 'all' }}
@@ -554,6 +556,7 @@ jobs:
           PLATFORM_DIR: "../../${{ steps.run-platform.outputs.platform-working-dir }}"
           SCHEMA_FILE: "manifest.schema.json"
           PLATFORM_TAG: ${{ matrix.platform-tag }}
+          OTDFCTL_HEADS: ${{ steps.configure-go.outputs.heads }}
 
       - name: Run xtests focusing on a specific SDK
         if: ${{ env.FOCUS_SDK != 'all' }}
@@ -565,6 +568,7 @@ jobs:
           PLATFORM_DIR: "../../${{ steps.run-platform.outputs.platform-working-dir }}"
           SCHEMA_FILE: "manifest.schema.json"
           PLATFORM_TAG: ${{ matrix.platform-tag }}
+          OTDFCTL_HEADS: ${{ steps.configure-go.outputs.heads }}
 
       ######## ATTRIBUTE BASED CONFIGURATION #############
 
@@ -674,6 +678,7 @@ jobs:
         env:
           PLATFORM_DIR: "../../${{ steps.run-platform.outputs.platform-working-dir }}"
           PLATFORM_TAG: ${{ matrix.platform-tag }}
+          OTDFCTL_HEADS: ${{ steps.configure-go.outputs.heads }}
           PLATFORM_LOG_FILE: "../../${{ steps.run-platform.outputs.platform-log-file }}"
           KAS_ALPHA_LOG_FILE: "../../${{ steps.kas-alpha.outputs.log-file }}"
           KAS_BETA_LOG_FILE: "../../${{ steps.kas-beta.outputs.log-file }}"
diff --git a/xtest/conftest.py b/xtest/conftest.py
index eaa88c34..4f39176b 100644
--- a/xtest/conftest.py
+++ b/xtest/conftest.py
@@ -27,6 +27,22 @@
 
 logging.basicConfig(level=os.environ.get("LOGLEVEL", "DEBUG"))
 
+
+def pytest_report_header() -> list[str]:
+    """Surface PlatformFeatureSet detection in the always-visible session header.
+
+    Feature detection drives skips (e.g. mechanism-xwing gates the PQ/T tests),
+    and pytest does not show captured output for skipped tests. Echoing the
+    detected version and feature set into the report header makes it visible in
+    CI even when every gated test skips.
+    """
+    pfs = tdfs.get_platform_features()
+    return [
+        f"platform version: {pfs.version} (semver={pfs.semver})",
+        f"detected features: {', '.join(sorted(pfs.features))}",
+    ]
+
+
 # Load all fixture modules
 pytest_plugins = [
     "fixtures.kas",
diff --git a/xtest/fixtures/keys.py b/xtest/fixtures/keys.py
index 46a6b42f..5645e328 100644
--- a/xtest/fixtures/keys.py
+++ b/xtest/fixtures/keys.py
@@ -62,9 +62,16 @@ def _get_or_create_key(
                 wrapping_key=root_key,
                 wrapping_key_id="root",
             )
-        except InvalidAlgorithm:
+        except InvalidAlgorithm as e:
             if required_features:
-                pytest.skip(f"Algorithm {algorithm} not supported by platform")
+                # Surface the underlying platform/otdfctl error so we can tell a
+                # client-side mapping rejection ("invalid algorithm" from
+                # otdfctl sdkHelpers) apart from a server-side protovalidate
+                # rejection ("key_algorithm_defined" CEL on the policy service).
+                pytest.skip(
+                    f"Algorithm {algorithm} not supported by platform "
+                    f"(features={required_features!r}): {e}"
+                )
             raise
     return key
 
diff --git a/xtest/tdfs.py b/xtest/tdfs.py
index 1d970444..50f6e459 100644
--- a/xtest/tdfs.py
+++ b/xtest/tdfs.py
@@ -40,6 +40,7 @@ def _algs_from_km1_log() -> set[str]:
     """
     log = _km1_log_path()
     if not log or not log.exists():
+        logger.debug("km1 log not found (path=%s); no algs from log", log)
         return set()
     algs: set[str] = set()
     try:
@@ -59,7 +60,7 @@ def _algs_from_km1_log() -> set[str]:
                         if alg := k.get("alg"):
                             algs.add(alg)
     except Exception:
-        pass
+        logger.debug("failed reading km1 log %s", log, exc_info=True)
     return algs
 
 
@@ -94,7 +95,8 @@ def _kas_supports_algorithm(algorithm: str) -> bool:
     try:
         with urllib.request.urlopen(req, timeout=5) as resp:
             return resp.status == 200
-    except Exception:
+    except Exception as e:
+        logger.debug("KAS algorithm probe for %s at %s failed: %s", algorithm, url, e)
         return False