When WiredTiger loads a key provider checkpoint via _disagg_load_crypt_key (src/conn/conn_layered_page_log.c), it sets crypt.r.lsn before calling load_key but never sets crypt.timestamp, even though crypt_header->timestamp is available at that point — it is used immediately after for _disagg_prune_pending_crypt_keys.

As a result, the key provider always receives timestamp = 0 in load_key, so kp->state.timestamp starts at 0 after a restart rather than reflecting the actual timestamp of the persisted key. The on_key_update assertion crypt->timestamp > kp->state.timestamp then spuriously passes for any positive timestamp rather than correctly enforcing strict advancement from the last known value.

Fix: Add crypt.timestamp = crypt_header->timestamp; before the load_key call at line 291 of src/conn/conn_layered_page_log.c.