diff --git a/documentation/roadmap.md b/documentation/roadmap.md
index 7599704..83b7432 100644
--- a/documentation/roadmap.md
+++ b/documentation/roadmap.md
@@ -89,16 +89,16 @@ Each phase produces a working increment. Nothing is built speculatively.
 **Goal:** Users can log in via Google or GitHub and stay logged in.
 **Done when:** Better Auth session is validated on protected routes; unauthenticated users are redirected to login; user row is created on first social login.
 
-- [ ] Install `better-auth` and configure with Drizzle adapter + PostgreSQL
-- [ ] Mount Better Auth handler on `/api/auth/*` in `app.ts`
-- [ ] Configure Google and GitHub social providers
-- [ ] Run Better Auth CLI to generate and migrate auth tables (user, session, account, verification)
-- [ ] Add session validation middleware for protected API routes
-- [ ] Frontend: install `better-auth/react` client
-- [ ] Frontend: login page with Google + GitHub buttons
-- [ ] Frontend: TanStack Router auth guard using `useSession`
-- [ ] Frontend: TanStack Query `api.ts` sends credentials with every request
-- [ ] Unit tests for session middleware
+- [x] Install `better-auth` and configure with Drizzle adapter + PostgreSQL
+- [x] Mount Better Auth handler on `/api/auth/*` in `app.ts`
+- [x] Configure Google and GitHub social providers
+- [x] Run Better Auth CLI to generate and migrate auth tables (user, session, account, verification)
+- [x] Add session validation middleware for protected API routes
+- [x] Frontend: install `better-auth/react` client
+- [x] Frontend: login page with Google + GitHub buttons
+- [x] Frontend: TanStack Router auth guard using `useSession`
+- [x] Frontend: TanStack Query `api.ts` sends credentials with every request
+- [x] Unit tests for session middleware
 
 ---