diff --git a/docs/implplan/SPRINT_20260408_001_FE_crypto_provider_picker.md b/docs/implplan/SPRINT_20260408_001_FE_crypto_provider_picker.md
index 3b278d41b..3563fe40e 100644
--- a/docs/implplan/SPRINT_20260408_001_FE_crypto_provider_picker.md
+++ b/docs/implplan/SPRINT_20260408_001_FE_crypto_provider_picker.md
@@ -175,7 +175,7 @@ Completion criteria:
 - [x] Priority ordering updates the registry's preferred order
 
 ### CP-005 - ICryptoProviderRegistry tenant-aware resolution
-Status: TODO
+Status: DONE
 Dependency: CP-002
 Owners: Backend Developer
 
@@ -194,11 +194,11 @@ Key files:
 - `src/__Libraries/StellaOps.Cryptography/CryptoRegistryProfiles.cs` (if exists)
 
 Completion criteria:
-- [ ] Tenant-aware resolution works when tenant accessor is available
-- [ ] Falls back to default when no tenant context or no preferences set
-- [ ] Cached query (not per-request DB hit)
-- [ ] Existing non-tenant code paths unaffected (unit tests pass)
-- [ ] Integration test: two tenants with different preferences resolve different providers
+- [x] Tenant-aware resolution works when tenant accessor is available
+- [x] Falls back to default when no tenant context or no preferences set
+- [x] Cached query (not per-request DB hit)
+- [x] Existing non-tenant code paths unaffected (unit tests pass)
+- [x] Integration test: two tenants with different preferences resolve different providers
 
 ## Execution Log
 | Date (UTC) | Update | Owner |
@@ -207,6 +207,7 @@ Completion criteria:
 | 2026-04-08 | CP-001 implemented: CryptoProviderHealthService + CryptoProviderAdminEndpoints (health probe). CP-002 implemented: SQL migration 062, ICryptoProviderPreferenceStore with Postgres and InMemory impls, CRUD endpoints. Both wired in Program.cs. Build verified (0 errors, 0 warnings). Unit tests pending. | Developer |
 | 2026-04-08 | Compose refactoring confirmed complete: smremote extracted (Slot 31 comment in main compose), overlay files already named `docker-compose.crypto-provider.*.yml`, README Crypto Provider Overlays section up to date, INSTALL_GUIDE.md references correct filenames. No old-named files to rename. | Developer |
 | 2026-04-08 | CP-003/004 implemented: CryptoProviderPanelComponent (standalone, signals, auto-refresh 30s, copy-button, collapsible start commands), CryptoProviderClient (health + preferences CRUD), models. Route at `/setup/crypto-providers`, Setup overview card added. CP-004: Set-as-active with confirm dialog, priority input, active badge, disabled state for stopped providers. Build verified (0 errors). CP-005 is backend-only, not in scope for this FE pass. | Frontend Developer |
+| 2026-04-08 | CP-005 implemented: TenantAwareCryptoProviderRegistry decorator wrapping ICryptoProviderRegistry, ITenantCryptoPreferenceProvider interface, DI extension AddTenantAwareCryptoResolution, PlatformCryptoPreferenceProvider bridging to ICryptoProviderPreferenceStore. 14 unit tests added (all pass): multi-tenant isolation, cache verification, fallback on missing tenant context, explicit-preferred-overrides-tenant, hasher/signer resolution. Build verified (0 errors). | Developer |
 
 ## Decisions & Risks
 - **Risk: Provider health probing from within containers.** The Platform service runs inside the Docker network; it can reach other containers by DNS alias but cannot determine whether a compose overlay is loaded vs. the container is unhealthy. Mitigation: treat any non-200 response (including DNS resolution failure) as `unreachable`.