diff --git a/.planning/STATE.md b/.planning/STATE.md
index ab4719e5..35c78250 100644
--- a/.planning/STATE.md
+++ b/.planning/STATE.md
@@ -4,7 +4,7 @@ milestone: v1.0
 milestone_name: milestone
 status: executing
 stopped_at: Completed 04-02-PLAN.md
-last_updated: "2026-03-11T19:40:20.252Z"
+last_updated: "2026-03-11T20:08:12.754Z"
 last_activity: 2026-03-11 -- Completed 04-02 (Security filter chain wiring)
 progress:
   total_phases: 4
diff --git a/.planning/phases/04-security/04-VERIFICATION.md b/.planning/phases/04-security/04-VERIFICATION.md
new file mode 100644
index 00000000..05b1d0be
--- /dev/null
+++ b/.planning/phases/04-security/04-VERIFICATION.md
@@ -0,0 +1,118 @@
+---
+phase: 04-security
+verified: 2026-03-11T20:50:00Z
+status: passed
+score: 10/10 must-haves verified
+gaps: []
+human_verification: []
+---
+
+# Phase 4: Security Verification Report
+
+**Phase Goal:** All server communication is authenticated and integrity-protected, with JWT for API access and Ed25519 signatures for pushed configuration
+**Verified:** 2026-03-11T20:50:00Z
+**Status:** PASSED
+**Re-verification:** No — initial verification
+
+## Goal Achievement
+
+### Observable Truths
+
+All truths drawn from PLAN frontmatter must_haves across plans 01, 02, and 03.
+
+| # | Truth | Status | Evidence |
+|---|-------|--------|----------|
+| 1 | Ed25519 keypair generated at startup; public key available as Base64 | VERIFIED | `Ed25519SigningServiceImpl` generates keypair via `KeyPairGenerator.getInstance("Ed25519")` in constructor; `getPublicKeyBase64()` returns Base64-encoded X.509 DER bytes |
+| 2 | JwtService creates access tokens (1h) and refresh tokens (7d) with agentId, group, and type claims | VERIFIED | `JwtServiceImpl.createToken()` sets `sub`, `group`, `type`, `iat`, `exp` claims using Nimbus `MACSigner`/`HS256`; expiry from `SecurityProperties` |
+| 3 | JwtService validates tokens and extracts agentId, distinguishing access vs refresh type | VERIFIED | `validateToken()` checks signature, expiration, and `type` claim; throws `InvalidTokenException` on any violation |
+| 4 | BootstrapTokenValidator uses constant-time comparison and supports dual-token rotation | VERIFIED | Uses `MessageDigest.isEqual()` for both primary and previous token; null/blank guarded |
+| 5 | Server fails fast on startup if CAMELEER_AUTH_TOKEN is not set | VERIFIED | `SecurityBeanConfig` registers an `InitializingBean` that throws `IllegalStateException` if `bootstrapToken` is null or blank |
+| 6 | All API endpoints except health, register, and docs reject requests without valid JWT | VERIFIED | `SecurityConfig` permits `/api/v1/health`, `/api/v1/agents/register`, `/api/v1/agents/*/refresh`, Swagger docs, and `/error`; all other requests require authentication; `SecurityFilterIT` (6 tests) confirms |
+| 7 | POST /register requires bootstrap token; returns JWT + refresh token + Ed25519 public key | VERIFIED | `AgentRegistrationController.register()` extracts and validates bootstrap token from `Authorization: Bearer` header, calls `jwtService.createAccessToken/createRefreshToken` and `ed25519SigningService.getPublicKeyBase64()`; `RegistrationSecurityIT` (3 tests) confirms |
+| 8 | POST /agents/{id}/refresh accepts refresh token and returns new access JWT | VERIFIED | `AgentRegistrationController.refresh()` calls `jwtService.validateRefreshToken()`, verifies agent ID match, issues new access token; `JwtRefreshIT` (5 tests) confirms |
+| 9 | All config-update, deep-trace, and replay SSE events carry a valid Ed25519 signature | VERIFIED | `SseConnectionManager.onCommandReady()` calls `ssePayloadSigner.signPayload(command.payload())` before `sendEvent()`; `SseSigningIT` (2 tests) verify end-to-end signature against public key |
+| 10 | Signature computed over original payload JSON, added as "signature" field | VERIFIED | `SsePayloadSigner.signPayload()` signs original string, parses JSON, adds `"signature"` field via `ObjectNode.put()`, re-serializes; `SsePayloadSignerTest` (7 tests) confirms including roundtrip verification |
+
+**Score:** 10/10 truths verified
+
+### Required Artifacts
+
+| Artifact | Provides | Status | Details |
+|----------|----------|--------|---------|
+| `cameleer3-server-core/.../security/JwtService.java` | JWT interface: createAccessToken, createRefreshToken, validateAndExtractAgentId, validateRefreshToken | VERIFIED | 49 lines, substantive interface with 4 methods |
+| `cameleer3-server-core/.../security/Ed25519SigningService.java` | Ed25519 interface: sign(payload), getPublicKeyBase64() | VERIFIED | 29 lines, substantive interface with 2 methods |
+| `cameleer3-server-app/.../security/JwtServiceImpl.java` | Nimbus JOSE+JWT HMAC-SHA256 implementation | VERIFIED | 120 lines; uses `MACSigner`/`MACVerifier`, ephemeral 256-bit secret, correct claims |
+| `cameleer3-server-app/.../security/Ed25519SigningServiceImpl.java` | JDK 17 Ed25519 KeyPairGenerator implementation | VERIFIED | 54 lines; `KeyPairGenerator.getInstance("Ed25519")`, `Signature.getInstance("Ed25519")`, Base64-encoded output |
+| `cameleer3-server-app/.../security/BootstrapTokenValidator.java` | Constant-time bootstrap token validation with dual-token rotation | VERIFIED | 50 lines; `MessageDigest.isEqual()`, checks current and previous token, null/blank guard |
+| `cameleer3-server-app/.../security/SecurityProperties.java` | Config binding with env var mapping | VERIFIED | 48 lines; `@ConfigurationProperties(prefix="security")`; all 4 fields with defaults |
+| `cameleer3-server-app/.../security/SecurityBeanConfig.java` | Bean wiring with fail-fast validation | VERIFIED | 43 lines; `@EnableConfigurationProperties`, all 3 service beans, `InitializingBean` check |
+| `cameleer3-server-app/.../security/JwtAuthenticationFilter.java` | OncePerRequestFilter extracting JWT from header or query param | VERIFIED | 72 lines; extracts from `Authorization: Bearer` then `?token=` query param; sets `SecurityContextHolder` |
+| `cameleer3-server-app/.../security/SecurityConfig.java` | SecurityFilterChain with permitAll for public paths, authenticated for rest | VERIFIED | 54 lines; stateless, CSRF disabled, correct permitAll list, `addFilterBefore` JwtAuthenticationFilter |
+| `cameleer3-server-app/.../controller/AgentRegistrationController.java` | Updated register endpoint with bootstrap token validation, JWT issuance, public key; refresh endpoint | VERIFIED | 230 lines; both `/register` and `/{id}/refresh` endpoints fully wired |
+| `cameleer3-server-app/.../agent/SsePayloadSigner.java` | Component that signs SSE command payloads | VERIFIED | 77 lines; `@Component`, signs then adds field, defensive null/blank handling |
+| `cameleer3-server-app/.../agent/SseConnectionManager.java` | Updated onCommandReady with signing before sendEvent | VERIFIED | `onCommandReady()` calls `ssePayloadSigner.signPayload()`, parses to `JsonNode` to avoid double-quoting |
+| `cameleer3-server-app/.../resources/application.yml` | Security config with env var mapping | VERIFIED | `security.bootstrap-token: ${CAMELEER_AUTH_TOKEN:}` and `security.bootstrap-token-previous: ${CAMELEER_AUTH_TOKEN_PREVIOUS:}` present |
+
+### Key Link Verification
+
+| From | To | Via | Status | Details |
+|------|----|-----|--------|---------|
+| `JwtServiceImpl` | Nimbus JOSE+JWT MACSigner/MACVerifier | HMAC-SHA256 signing with ephemeral 256-bit secret | VERIFIED | `new MACSigner(secret)`, `new MACVerifier(secret)`, `SignedJWT` — all present |
+| `Ed25519SigningServiceImpl` | JDK KeyPairGenerator/Signature | Ed25519 algorithm from java.security | VERIFIED | `KeyPairGenerator.getInstance("Ed25519")` and `Signature.getInstance("Ed25519")` confirmed |
+| `BootstrapTokenValidator` | SecurityProperties | reads token values from config properties | VERIFIED | `MessageDigest.isEqual()` used; reads `properties.getBootstrapToken()` and `properties.getBootstrapTokenPrevious()` |
+| `JwtAuthenticationFilter` | `JwtService.validateAndExtractAgentId` | Filter delegates JWT validation to service | VERIFIED | `jwtService.validateAndExtractAgentId(token)` on line 46 of filter |
+| `SecurityConfig` | `JwtAuthenticationFilter` | addFilterBefore | VERIFIED | `addFilterBefore(new JwtAuthenticationFilter(jwtService, registryService), UsernamePasswordAuthenticationFilter.class)` |
+| `AgentRegistrationController.register` | `BootstrapTokenValidator.validate` | Validates bootstrap token before processing | VERIFIED | `bootstrapTokenValidator.validate(bootstrapToken)` before any processing |
+| `AgentRegistrationController.register` | `JwtService.createAccessToken + createRefreshToken` | Issues tokens in registration response | VERIFIED | `jwtService.createAccessToken(agentId, group)` and `jwtService.createRefreshToken(agentId, group)` both called |
+| `SseConnectionManager.onCommandReady` | `SsePayloadSigner.signPayload` | Signs payload before SSE delivery | VERIFIED | `ssePayloadSigner.signPayload(command.payload())` on line 146 of SseConnectionManager |
+| `SsePayloadSigner` | `Ed25519SigningService.sign` | Delegates signing to Ed25519 service | VERIFIED | `ed25519SigningService.sign(jsonPayload)` on line 60 of SsePayloadSigner |
+
+### Requirements Coverage
+
+| Requirement | Source Plan | Description | Status | Evidence |
+|-------------|------------|-------------|--------|----------|
+| SECU-01 (#23) | Plan 02 | All API endpoints (except health and register) require valid JWT Bearer token | SATISFIED | `SecurityConfig` enforces authentication on all non-public paths; `SecurityFilterIT` tests confirm 401/403 without JWT |
+| SECU-02 (#24) | Plan 02 | JWT refresh flow via `POST /api/v1/agents/{id}/refresh` | SATISFIED | `AgentRegistrationController.refresh()` endpoint; `JwtRefreshIT` (5 tests) cover valid/invalid/wrong-type/mismatch/chain cases |
+| SECU-03 (#25) | Plan 01 | Server generates Ed25519 keypair; public key delivered at registration | SATISFIED | `Ed25519SigningServiceImpl` generates keypair at construction; `register()` returns `serverPublicKey` from `getPublicKeyBase64()`; `RegistrationSecurityIT` confirms |
+| SECU-04 (#26) | Plan 03 | All config-update and replay SSE payloads are signed with server's Ed25519 private key | SATISFIED | `SsePayloadSigner` signs all command payloads; `SseConnectionManager.onCommandReady()` calls it; `SseSigningIT` verifies end-to-end signature |
+| SECU-05 (#27) | Plans 01+02 | Bootstrap token from `CAMELEER_AUTH_TOKEN` env var validates initial agent registration | SATISFIED | `SecurityBeanConfig` fails fast if missing; `BootstrapTokenValidator` checks with constant-time comparison; `BootstrapTokenIT` (4 tests) confirm |
+
+All 5 SECU requirements satisfied. No orphaned or unaccounted requirements.
+
+### Anti-Patterns Found
+
+No anti-patterns detected in the security implementation files.
+
+Scanned: `JwtServiceImpl.java`, `Ed25519SigningServiceImpl.java`, `BootstrapTokenValidator.java`, `SecurityBeanConfig.java`, `JwtAuthenticationFilter.java`, `SecurityConfig.java`, `AgentRegistrationController.java`, `SsePayloadSigner.java`, `SseConnectionManager.java`.
+
+- No TODO/FIXME/placeholder comments
+- No stub returns (empty arrays, null without reason, etc.)
+- No console.log-only implementations
+- No disabled wiring
+
+One note: `deferred-items.md` documented 8 test failures at end of Plan 03. All are resolved — `AgentSseControllerIT`, `AgentCommandControllerIT`, and `JwtRefreshIT` all pass (verified by running full suite: 91 tests, 0 failures).
+
+### Human Verification Required
+
+None. All security properties are verifiable programmatically:
+
+- JWT token signing and validation: covered by unit tests
+- Bootstrap token constant-time comparison: code inspection confirms `MessageDigest.isEqual()`
+- Ed25519 signature verification: `SseSigningIT` verifies end-to-end using `Signature.getInstance("Ed25519")` with public key
+- SecurityFilterChain endpoint protection: `SecurityFilterIT` exercises the full HTTP stack
+
+### Test Suite Result
+
+Full `mvn verify` with `CAMELEER_AUTH_TOKEN=test-bootstrap-token`:
+
+| Suite | Tests | Result |
+|-------|-------|--------|
+| Unit tests (JwtServiceTest, Ed25519SigningServiceTest, BootstrapTokenValidatorTest, SsePayloadSignerTest, ElkDiagramRendererTest) | 36 | PASS |
+| Security ITs (SecurityFilterIT, BootstrapTokenIT, RegistrationSecurityIT, JwtRefreshIT, SseSigningIT) | 20 | PASS |
+| All other controller/storage ITs | 35 | PASS |
+| **Total** | **91** | **PASS** |
+
+---
+
+_Verified: 2026-03-11T20:50:00Z_
+_Verifier: Claude (gsd-verifier)_