diff --git a/deploy/ENVIRONMENTS.md b/deploy/ENVIRONMENTS.md
index 021bbe6..8a4a354 100644
--- a/deploy/ENVIRONMENTS.md
+++ b/deploy/ENVIRONMENTS.md
@@ -419,8 +419,8 @@ Every `CERTCTL_*` environment variable is read by the server's `internal/config/
 | `CERTCTL_RATE_LIMIT_BURST` | `20` | Burst allowance above RPS |
 | `CERTCTL_RATE_LIMIT_BUCKET_TTL` | `1h` | Sprint 2 SEC-006: lifetime of an unused token-bucket entry. A background sweeper running every `BucketTTL/4` reclaims buckets whose last `allow()` call is older than this. Values < 1m clamp up to 1m. Lower when facing high-cardinality unauthenticated traffic (CGNAT churn, scanners) where the bucket-map RSS becomes a concern. |
 | `CERTCTL_SCHEDULER_JOB_CLAIM_LIMIT` | `1000` | Sprint 2 SCALE-001: cap on the number of Pending rows a single scheduler tick may claim via `ClaimPendingJobs`. Pre-Sprint-2 the scheduler claimed every Pending row in one transaction, which page-thrashed on 100K-job bursts. Values ≤ 0 fail-safe to `1000` (legacy unlimited semantics are no longer reachable). Pair-tune with `CERTCTL_RENEWAL_CONCURRENCY` (default 25) — the default 40:1 ratio keeps the fan-out busy without exhausting upstream-CA rate limits. |
-| `CERTCTL_AGENT_BOOTSTRAP_TOKEN` | (empty) | Agent-registration bootstrap secret. Empty = v2.1.x warn-mode pass-through. Set to a real value (`openssl rand -base64 32`); the deny-empty flag's default flip in v2.2.0 will require it. |
-| `CERTCTL_AGENT_BOOTSTRAP_TOKEN_DENY_EMPTY` | `false` | Phase 2 SEC-H1 staged flag. When `true`, the server refuses to start unless `CERTCTL_AGENT_BOOTSTRAP_TOKEN` is non-empty. Default flip to `true` scheduled for v2.2.0. |
+| `CERTCTL_AGENT_BOOTSTRAP_TOKEN` | (empty — required) | Agent-registration bootstrap secret. Set to a real value (`openssl rand -base64 32`). Sprint 5 ACQ RED-003 (2026-05-16) flipped the paired `_DENY_EMPTY` flag's default to `true`, so leaving this empty now refuses server start (unless `CERTCTL_DEMO_MODE_ACK=true`). Operators on v2.1.x reopening the warn-mode escape hatch one upgrade-window can set `CERTCTL_AGENT_BOOTSTRAP_TOKEN_DENY_EMPTY=false` explicitly. |
+| `CERTCTL_AGENT_BOOTSTRAP_TOKEN_DENY_EMPTY` | `true` | Phase 2 SEC-H1 fail-closed guard. When `true` (default since Sprint 5 ACQ RED-003 closure, 2026-05-16), the server refuses to start unless `CERTCTL_AGENT_BOOTSTRAP_TOKEN` is non-empty. Set to `false` only for a v2.1.x→v2.2.x upgrade-window warn-mode escape hatch. |
 | `CERTCTL_DEMO_MODE_ACK` | `false` | Acknowledges demo-mode synthetic admin posture (required when `CERTCTL_AUTH_TYPE=none` binds to a non-loopback host). Must be paired with `CERTCTL_DEMO_MODE_ACK_TS` per Phase 2 SEC-H3. |
 | `CERTCTL_DEMO_MODE_ACK_TS` | (empty) | Phase 2 SEC-H3: unix-epoch timestamp at which DemoModeAck was last acknowledged. When `CERTCTL_DEMO_MODE_ACK=true`, this must parse as a unix epoch within the last 24h. Set via `CERTCTL_DEMO_MODE_ACK_TS=$(date +%s)` at every `docker compose up`. |
 | `CERTCTL_ACME_INSECURE_ACK` | `false` | Phase 2 SEC-M4: explicit ACK required to boot with `CERTCTL_ACME_INSECURE=true`. Production deploys MUST never set either flag. |
diff --git a/deploy/docker-compose.test.yml b/deploy/docker-compose.test.yml
index 15cacf3..4890bdd 100644
--- a/deploy/docker-compose.test.yml
+++ b/deploy/docker-compose.test.yml
@@ -264,6 +264,18 @@ services:
       CERTCTL_AUTH_TYPE: api-key
       CERTCTL_AUTH_SECRET: test-key-2026
 
+      # Phase 2 SEC-H1 + Sprint 5 RED-003 closure (2026-05-16): the
+      # AgentBootstrapTokenDenyEmpty fail-closed guard refuses to start
+      # the server when CERTCTL_AGENT_BOOTSTRAP_TOKEN is empty (the
+      # default DENY_EMPTY=true flipped on Sprint 5). Demo stacks
+      # bypass the guard via CERTCTL_DEMO_MODE_ACK=true, but this is
+      # the e2e TEST stack (production-like auth posture), not a demo
+      # stack — set a deterministic placeholder token so the server
+      # boots and the vendor-edge integration tests can run. Clearly
+      # test-only; do NOT copy to production. Operators set this from
+      # `openssl rand -base64 32` per docs/operator/security.md.
+      CERTCTL_AGENT_BOOTSTRAP_TOKEN: test-agent-bootstrap-token-deterministic-fixture
+
       # Key generation — agent-side (production-like)
       CERTCTL_KEYGEN_MODE: agent