How Can I Prevent Hackers From Spoofing TCP messages onto my server?

I have a Python client and server communicating over a TCP socket – they send and receive a certain set of standardized string commands to each other.

How can I prevent a hacker from creating their own client that sends the same kind of string commands (but with their own values) to the server?

Is it right that I can assume the hacker has access to the TCP messages being transmitted/received, but not the individual code that is being executed (if I only give them the executable)?

I’m new to network security and wanted to decide how best to design my network communication scheme.

Idea – I was imagining that I could possibly encrypt the messages before sending and decrypt on the server (assuming the hacker can’t find any of the keys in the source code?). Is this a secure way of going about it and am I on the right track?