Cryptographic protocols rely on message-passing to coordinate activity among principals. Many richly developed tools, based on wellunderstood foundations, are available for the design and analysis of pure message-passing protocols. However, in many protocols, a principal uses non-local, mutable state to coordinate its local sessions. Cross-session state poses difficulties for protocol analysis tools.We provide a framework for modeling stateful protocols, and a hybrid analysis method. We leverage theorem-proving-specifically, PVS-for reasoning about computations over state. An "enrich-byneed" approach-embodied by CPSA-focuses on the message-passing part. The Envelope Protocol, due to Mark Ryan furnishes a case study.Protocol analysis is largely about message-passing in a model in which every message transmitted is made available to the adversary. The adversary can deliver the messages transmitted by the regular (i.e. compliant) principals, if desired, or not. The adversary can also retain them indefinitely, so that in the future he can deliver them, or messages built from them, repeatedly.However, some protocols also interact with long-term state.