diff --git a/docs/core-checklist-status.md b/docs/core-checklist-status.md
index 0063d4c..ba6d603 100644
--- a/docs/core-checklist-status.md
+++ b/docs/core-checklist-status.md
@@ -10,7 +10,7 @@ Legend:
 1. Account - `PARTIAL` (email auth, JWT, refresh, logout, reset; sessions exist, full UX still improving)
 2. User Profile - `DONE` (username, name, avatar, bio, update)
 3. User Status - `PARTIAL` (online/last seen/offline; "recently" heuristic limited)
-4. Contacts - `PARTIAL` (list/search/add/remove/block/unblock; UX moved to menu)
+4. Contacts - `PARTIAL` (list/search/add/remove/block/unblock; `add by email` flow covered by integration tests; UX moved to menu)
 5. Chat List - `DONE` (all/pinned/archive/sort/unread)
 6. Chat Types - `DONE` (private/group/channel)
 7. Chat Creation - `DONE` (private/group/channel)
diff --git a/tests/test_chat_message_flow.py b/tests/test_chat_message_flow.py
index 7ae9f38..8ce0451 100644
--- a/tests/test_chat_message_flow.py
+++ b/tests/test_chat_message_flow.py
@@ -633,6 +633,32 @@ async def test_group_invite_privacy_everyone_allows_invites_without_contacts(cli
     assert create_group_allowed.status_code == 200
 
 
+async def test_add_contact_by_email_success_and_not_found(client, db_session):
+    owner = await _create_verified_user(client, db_session, "contact_email_owner@example.com", "contact_email_owner", "strongpass123")
+    target = await _create_verified_user(client, db_session, "contact_email_target@example.com", "contact_email_target", "strongpass123")
+
+    add_contact = await client.post(
+        "/api/v1/users/contacts/by-email",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={"email": "contact_email_target@example.com"},
+    )
+    assert add_contact.status_code == 204
+
+    contacts = await client.get(
+        "/api/v1/users/contacts",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+    )
+    assert contacts.status_code == 200
+    assert any(item["email"] == "contact_email_target@example.com" for item in contacts.json())
+
+    add_missing_contact = await client.post(
+        "/api/v1/users/contacts/by-email",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={"email": "unknown_contact@example.com"},
+    )
+    assert add_missing_contact.status_code == 404
+
+
 async def test_avatar_privacy_hidden_from_other_users_search(client, db_session):
     owner = await _create_verified_user(client, db_session, "avatar_owner@example.com", "avatar_owner", "strongpass123")
     viewer = await _create_verified_user(client, db_session, "avatar_viewer@example.com", "avatar_viewer", "strongpass123")