diff --git a/.planning/phases/10-events/10-VALIDATION.md b/.planning/phases/10-events/10-VALIDATION.md
index f698348..5f140fc 100644
--- a/.planning/phases/10-events/10-VALIDATION.md
+++ b/.planning/phases/10-events/10-VALIDATION.md
@@ -1,9 +1,9 @@
 ---
 phase: 10
 slug: events
-status: draft
+status: complete
 nyquist_compliant: true
-wave_0_complete: false
+wave_0_complete: true
 created: 2026-05-16
 ---
 
@@ -17,14 +17,14 @@ created: 2026-05-16
 |----------|-------|
 | **Framework** | Go `testing` with existing DB-backed web handler tests |
 | **Config file** | `backend/internal/web/*_test.go`, `backend/internal/db/queries/*.sql`, `backend/migrations/*.sql` |
-| **Quick run command** | `go test ./backend/internal/web ./backend/internal/db/sqlc` |
-| **Full suite command** | `go test ./...` |
+| **Quick run command** | `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestEvent|TestEvents|TestListUserEventsRange|TestTabloDetailEventsTabFullPageFallback' -count=1` |
+| **Full suite command** | `cd backend && just generate && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./... -count=1` |
 | **Estimated runtime** | ~20-60 seconds depending on database startup/state |
 
 ## Sampling Rate
 
-- **After every task commit:** Run `go test ./backend/internal/web ./backend/internal/db/sqlc`
-- **After every plan wave:** Run `go test ./...`
+- **After every task commit:** Run `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestEvent|TestEvents|TestListUserEventsRange|TestTabloDetailEventsTabFullPageFallback' -count=1`
+- **After every plan wave:** Run `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./... -count=1`
 - **Before `$gsd-verify-work`:** Full suite must be green
 - **Max feedback latency:** 60 seconds
 
@@ -32,19 +32,19 @@ created: 2026-05-16
 
 | Task ID | Plan | Wave | Requirement | Threat Ref | Secure Behavior | Test Type | Automated Command | File Exists | Status |
 |---------|------|------|-------------|------------|-----------------|-----------|-------------------|-------------|--------|
-| 10-01-01 | 01 | 0 | EVENT-01, EVENT-05 | T-10-01 / T-10-02 | Event data is scoped through owned tablos and user-scoped aggregation filters by `tablos.user_id` | DB/integration | `go test ./backend/internal/web ./backend/internal/db/sqlc` | W0 | pending |
-| 10-01-02 | 01 | 0 | EVENT-01 | T-10-04 | Invalid end times are rejected before persistence and by DB constraint | handler/DB | `go test ./backend/internal/web ./backend/internal/db/sqlc` | W0 | pending |
-| 10-02-01 | 02 | 1 | EVENT-01, EVENT-02, EVENT-03 | T-10-01 / T-10-03 | Create/edit/delete forms require CSRF and ownership checks | handler | `go test ./backend/internal/web` | W0 | pending |
-| 10-02-02 | 02 | 1 | EVENT-02, EVENT-03 | T-10-05 | Calendar output is escaped and HTMX fragments remain scoped to the Events tab | handler/template | `go test ./backend/internal/web` | W0 | pending |
-| 10-03-01 | 03 | 2 | EVENT-04, EVENT-05 | T-10-02 | Planning query returns only accessible events and includes tablo metadata | DB/integration | `go test ./backend/internal/web ./backend/internal/db/sqlc` | W0 | pending |
+| 10-01-01 | 01 | 0 | EVENT-01, EVENT-05 | T-10-01 / T-10-02 | Event data is scoped through owned tablos and user-scoped aggregation filters by `tablos.user_id` | DB/integration | `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestEventCreateRendersTitleInCalendar|TestEventsTabRendersMonthGrid|TestListUserEventsRangeReturnsOnlyOwnedTablos' -count=1` | Yes | covered |
+| 10-01-02 | 01 | 0 | EVENT-01, EVENT-04 | T-10-04 | Invalid end times are rejected before persistence and by DB constraint | handler/DB | `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestEventCreateRejectsEndTimeBeforeOrEqualStart|TestEventUpdateRejectsInvalidEndTime' -count=1` | Yes | covered |
+| 10-02-01 | 02 | 1 | EVENT-01, EVENT-02, EVENT-03, EVENT-05 | T-10-01 / T-10-03 | Create/edit/delete forms require CSRF and ownership checks | handler | `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestEventEditRendersInlineForm|TestEventUpdateChangesCalendarPlacement|TestEventDeleteRemovesFromCalendarAndDatabase|TestEventMutationOwnershipReturns404' -count=1` | Yes | covered |
+| 10-02-02 | 02 | 1 | EVENT-02, EVENT-03 | T-10-05 | Calendar output is escaped and HTMX fragments remain scoped to the Events tab | handler/template | `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestEventContentIsEscaped|TestTabloDetailEventsTabFullPageFallback|TestEventsTabRendersMonthGrid' -count=1` | Yes | covered |
+| 10-03-01 | 03 | 2 | EVENT-04, EVENT-05 | T-10-02 | Planning query returns only accessible events and includes tablo metadata | DB/integration | `cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestListUserEventsRangeReturnsOnlyOwnedTablos|TestEventsMonthNavigationPushesMonthParam|TestEventNewFromDayPrefillsDate|TestEventCreateSubmittedDateOverridesQueryDefault|TestEventsCalendarShowsMoreIndicator' -count=1` | Yes | covered |
 
-*Status: pending until the phase plan defines exact task IDs and files.*
+*Status: audited after execution; all automated checks map to current tests in `backend/internal/web/handlers_events_test.go`.*
 
 ## Wave 0 Requirements
 
-- [ ] Add focused SQLC/query coverage for create/list/update/delete and user-scoped date-range aggregation.
-- [ ] Add focused handler coverage for Events tab rendering, create validation, update, delete, and cross-user 404 behavior.
-- [ ] Add helper coverage indirectly through handler tests for month parsing, date prefill, and submitted-value precedence.
+- [x] Add focused SQLC/query coverage for create/list/update/delete and user-scoped date-range aggregation.
+- [x] Add focused handler coverage for Events tab rendering, create validation, update, delete, and cross-user 404 behavior.
+- [x] Add helper coverage indirectly through handler tests for month parsing, date prefill, and submitted-value precedence.
 
 ## Manual-Only Verifications
 
@@ -61,5 +61,34 @@ created: 2026-05-16
 - [x] Feedback latency < 60s
 - [x] `nyquist_compliant: true` set in frontmatter
 
-**Approval:** pending
+**Approval:** audited 2026-05-16
 
+## Validation Audit 2026-05-16
+
+| Metric | Count |
+|--------|-------|
+| Gaps found | 0 |
+| Resolved | 0 |
+| Escalated | 0 |
+
+### Coverage Confirmed
+
+- EVENT-01 is covered by creation, form submission, submitted-date precedence, no-end-time display, and ordering tests.
+- EVENT-02 is covered by inline edit, update calendar refresh, hard delete, and mutation ownership tests.
+- EVENT-03 is covered by the Events tab month grid, full-page fallback, HTMX month navigation, day prefill, overflow indicator, escaping, and ordering tests.
+- EVENT-04 is covered by create and update invalid end-time tests plus the `events_end_after_start` database constraint.
+- EVENT-05 is covered by tab ownership, mutation ownership, and user-scoped date-range aggregation tests.
+
+### Final Verification
+
+Passed:
+
+```bash
+cd backend && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./internal/web -run 'TestEvent|TestEvents|TestListUserEventsRange|TestTabloDetailEventsTabFullPageFallback' -count=1
+```
+
+Previously recorded as passed in `10-VERIFICATION.md`:
+
+```bash
+cd backend && just generate && TEST_DATABASE_URL='postgres://xtablo:xtablo@localhost:5432/xtablo?sslmode=disable' go test ./... -count=1 && git diff --check
+```