diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md index b5cd265..ecb1485 100644 --- a/.planning/ROADMAP.md +++ b/.planning/ROADMAP.md @@ -46,7 +46,7 @@ _Last updated: 2026-05-22_ 2. A logged-in user can enroll a TOTP authenticator app, receive 8–10 backup codes, explicitly acknowledge them, and thereafter be required to supply a TOTP code (or backup code) on every login — a backup code is invalidated on first use 3. A user who forgets their password can receive a reset email, follow the link within 1 hour, set a new password, and is then returned to the TOTP login gate (not auto-logged in) 4. A user can trigger "sign out all devices" from account settings; all other active sessions are immediately invalidated and any reuse of a rotated refresh token revokes the entire token family -5. An admin user can create, deactivate, and reset a user account, and assign an AI provider and model to that user; attempting to access document content via an admin JWT returns 403 +5. An admin user can create, deactivate, and reset a user account, and assign an AI provider and model to that user; admin API endpoints never return document content or credentials_enc (per-user document auth enforcement deferred to Phase 3 per D-07) **Plans**: 5 plans 
@@ -85,7 +85,7 @@ _Last updated: 2026-05-22_ 1. Every document present before migration is accessible after migration with the same metadata and extracted text; a count reconciliation check confirms zero document loss 2. Two concurrent uploads that would together exceed a user's 100 MB quota result in exactly one success and one 413 rejection — the quota never goes over limit 3. A document delete atomically decrements the user's recorded quota usage; after deletion the quota reflects the freed bytes -4. Requesting a document object key or presigned URL for a document owned by a different user returns 403 — no cross-user object access is possible through any request parameter manipulation +4. Requesting a document object key or presigned URL for a document owned by a different user returns 403 — no cross-user object access is possible through any request parameter manipulation; all /api/documents/* endpoints enforce get_current_user and return 403 when the requesting user's role is admin (completing SC5 from Phase 2) 5. AI classification for each document uses the provider and model assigned to that user by the admin, not any user-supplied or default value **Plans**: TBD diff --git a/.planning/STATE.md b/.planning/STATE.md index 1bc50a2..ffc77f2 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md @@ -3,7 +3,7 @@ gsd_state_version: 1.0 milestone: v1.0 milestone_name: milestone current_phase: 2 -status: in_progress +status: complete last_updated: "2026-05-22T18:30:00Z" progress: total_phases: 5 @@ -89,8 +89,7 @@ progress: - Celery + Redis vs pgqueuer for Phase 3 (depends on Redis availability in deployment target) - Verify cloud SDK minor versions on PyPI before Phase 5 pinning -- Celery + Redis vs pgqueuer for Phase 3 (depends on Redis availability in deployment target) -- Verify cloud SDK minor versions on PyPI before Phase 5 pinning +- Phase 2 SC5 (admin JWT → 403 on /api/documents/*) deferred to Phase 3 SC4 per D-07 ### Blockers
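Review bot: the rewritten criterion 5 in the ROADMAP.md hunk at @@ -46 replaces a directly testable rule (an admin JWT requesting document content returns 403) with a weaker data-exposure statement ("admin API endpoints never return document content or credentials_enc") and moves the access-control enforcement itself to Phase 3 per D-07, so Phase 2's acceptance criteria no longer cover the admin-to-document boundary at all. Make the new wording verifiable by naming which admin endpoints it applies to and how it is checked (for example, that the response schemas of the admin user endpoints contain no document body fields and no credentials_enc), and keep an explicit statement that the 403 enforcement is not yet in place so the deferral cannot be read as the control having been delivered.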
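Review bot: criterion 4 in the ROADMAP.md hunk at @@ -85 merges the cross-user object-access check with the deferred admin-role check and phrases the latter as "enforce get_current_user and return 403 when the requesting user's role is admin"; get_current_user is an authentication dependency, while rejecting admins is an authorization rule, so the sentence should name that role check as its own dependency applied to every /api/documents/* route rather than imply get_current_user performs it. Giving the admin rule its own numbered criterion would also let it be tested independently of the cross-user 403, which is the original Phase 2 SC5 it is meant to complete.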
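Review bot: the STATE.md hunk at @@ -3 flips status from in_progress to complete while the unchanged context still shows last_updated: "2026-05-22T18:30:00Z", and the same patch defers one of Phase 2's success criteria (the admin JWT 403 on document endpoints) to Phase 3. Update last_updated together with the status change, and record the deferred criterion next to the status so the state file does not present Phase 2's security scope as fully delivered when a planned access-control check is still open.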
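Review bot: the STATE.md hunk at @@ -89 correctly removes the duplicated "Celery + Redis vs pgqueuer" and "Verify cloud SDK minor versions" entries, but the new line "Phase 2 SC5 (admin JWT → 403 on /api/documents/*) deferred to Phase 3 SC4 per D-07" is appended to the open-items list that precedes "### Blockers" rather than under Blockers itself. Since this is a missing access-control check that Phase 3 now depends on, place it where the next phase's planning treats it as a gating item, and state where D-07 is recorded so the rationale for the deferral can be located from the state file.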