diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md
index f7b1771..421dce6 100644
--- a/.planning/REQUIREMENTS.md
+++ b/.planning/REQUIREMENTS.md
@@ -61,6 +61,13 @@
 - **AUTH-01**: `~/.claudebox/.credentials.json` (OAuth tokens) is bind-mounted read-write into the sandbox when the file exists on the host, so users do not need to re-authenticate on every launch
 - **AUTH-02**: When `~/.claudebox/.credentials.json` does not exist, claudebox starts without any error or warning (silent skip)
 
+### Instance Isolation
+
+- **INST-01**: Each project directory has isolated conversation history — launching claudebox in two different project directories produces separate histories with no cross-contamination
+- **INST-02**: Git worktrees of the same repo share instance state with the main worktree (canonical root resolved via `git rev-parse --git-common-dir`)
+- **INST-03**: Two concurrent claudebox sessions in the same project do not corrupt each other's state (satisfied architecturally: Claude Code manages its own file-level concurrency within its data dir; no locking needed per D-13)
+- **INST-04**: `claudebox --gc` removes instance directories for project roots that no longer exist on disk
+
 ### Network Isolation
 
 - **NET-01**: Block LAN/Tailscale access (RFC1918 + 100.64.0.0/10) while allowing internet egress
@@ -127,9 +134,13 @@
 | NIX-03 | Phase 1 | Complete |
 | AUTH-01 | Phase 4 | Complete |
 | AUTH-02 | Phase 4 | Complete |
+| INST-01 | Phase 5 | Pending |
+| INST-02 | Phase 5 | Pending |
+| INST-03 | Phase 5 | Pending |
+| INST-04 | Phase 5 | Pending |
 
 **Coverage:**
-- v1 requirements: 31 total, v2 requirements (partial): 2
+- v1 requirements: 31 total, v2 requirements (partial): 6
 - Mapped to phases: 33
 - Unmapped: 0