Update Setup.md and Workplan.md for 2026-04-27 emulator session

Records CardEmulator addition, the two fido2-direct id=/raw_id= bug fixes,
and the expanded test count (100 → 122). Marks project status unchanged:
Phases 7 and 9 remain externally gated.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Setup.md

@@ -648,6 +648,26 @@ Session note (2026-04-26, markdown maintenance re-scan):
   - direct FIDO2 enrollment/login support exists in code and is documented as an optional follow-up path, not the default deployed runtime
   - the main unresolved engineering limit is still the higher-fan-out Qubes forwarding ceiling on the browser-facing path, not basic chain bring-up
 
+Session note (2026-04-27, card emulator and bug fixes):
+- Added software emulator of the ChromeCard FIDO2 authenticator:
+  - `/home/user/chromecard/tests/card_emulator.py`
+  - implements `make_credential` and `get_assertion` with real P-256 cryptography
+  - in-memory credential store keyed by credential ID (matching firmware layout)
+  - auth_data byte layout and COSE key encoding mirror `fido_make_cred.c` / `fido_get_assertion.c` exactly
+  - `user_confirms=True/False` parameter simulates the card's Yes/No confirmation dialog
+  - `refusing()` method returns a wrapper that forces `user_confirms=False` for integration test paths
+  - `forget_user(username)` simulates card-side credential removal
+  - module docstring is the usage guide
+- Fixed two bugs in `k_proxy_app.py` that were silently breaking fido2-direct mode:
+  - `RegistrationResponse(id=..., ...)` → `RegistrationResponse(raw_id=..., ...)` (fido2 2.2.0 API)
+  - `AuthenticationResponse(id=..., ...)` → `AuthenticationResponse(raw_id=..., ...)` (same)
+  - both calls raised `TypeError` at runtime, caught by the surrounding `except`, so register and
+    authenticate in fido2-direct mode always returned failure without any visible error
+- Extended test suite: 22 new tests across `TestCardEmulatorUnit` and `TestCardEmulatorIntegration`
+  - covers: register, authenticate, user-says-no (register and auth), forget, two-user isolation,
+    sign-count monotonicity, wrong RP rejection, empty allow-list rejection
+  - total test count is now 122, all passing locally without card or VMs
+
 ## Known FIDO2 Transport Boundary
 
 - FIDO2 on this firmware is handled via USB HID (CTAPHID), not Wi-Fi/BLE/MQTT.

Workplan.md

@@ -553,8 +553,15 @@ Status (2026-04-27):
 - fido2-direct mode confirmed working end-to-end with real card via browser on k_client.
 - Full register → login → counter → logout flow verified with physical card button presses.
 - Bug fixed: ClientState.enroll() now calls /session/logout on k_proxy before re-enrolling.
-- 100-test unit suite added for k_proxy (tests/test_k_proxy.py); runs locally without card or VMs.
 - All three service files refactored and re-deployed.
+- Added CardEmulator: software emulator of the ChromeCard FIDO2 authenticator for use in tests.
+  - real P-256 crypto; auth_data layout mirrors firmware exactly
+  - user_confirms=True/False simulates card Yes/No; refusing() wrapper for integration test paths
+  - forget_user() simulates card-side key removal
+  - module docstring in tests/card_emulator.py is the usage guide
+- Fixed two silent fido2-direct bugs: RegistrationResponse and AuthenticationResponse were both
+  constructed with id= instead of raw_id=; all direct-mode register/authenticate calls were failing.
+- Test suite now at 122 tests (was 100), all passing locally without card or VMs.
 
 Phase status (2026-04-27):
 - Phase 6.5 (concurrency): deferred. Ceiling (~10 in-flight) is acceptable until multi-card use cases arrive.